Add govulncheck and dependency-review to CI workflow

Signed-off-by: Eddie Torres <[email protected]>
kubernetes-sigs · Oct 16, 2023 · 32e18d3 · 32e18d3
1 parent 8096deb
commit 32e18d3
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,20 @@
+name: 'govulncheck'
+on: [pull_request]
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+
+      - name: 'Run govulncheck'
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
diff --git a/Dockerfile b/Dockerfile
@@ -15,7 +15,7 @@
 # See
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 # for info on BUILDPLATFORM, TARGETOS, TARGETARCH, etc.
-FROM --platform=$BUILDPLATFORM golang:1.20 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.21 AS builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver
 COPY go.* .
 ARG GOPROXY