mirror of
https://github.com/tailscale/tailscale.git
synced 2026-03-29 03:31:22 -04:00
8be5affa6d
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e8c483db8...de0fac2e45)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
52 lines
1.6 KiB
YAML
52 lines
1.6 KiB
YAML
name: govulncheck
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 12 * * *" # 8am EST / 10am PST / 12pm UTC
|
|
workflow_dispatch: # allow manual trigger for testing
|
|
pull_request:
|
|
paths:
|
|
- ".github/workflows/govulncheck.yml"
|
|
|
|
jobs:
|
|
source-scan:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Check out code into the Go module directory
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Install govulncheck
|
|
run: ./tool/go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
|
|
- name: Scan source code for known vulnerabilities
|
|
run: PATH=$PWD/tool/:$PATH "$(./tool/go env GOPATH)/bin/govulncheck" -test ./...
|
|
|
|
- name: Post to slack
|
|
if: failure() && github.event_name == 'schedule'
|
|
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
|
|
with:
|
|
method: chat.postMessage
|
|
token: ${{ secrets.GOVULNCHECK_BOT_TOKEN }}
|
|
payload: |
|
|
{
|
|
"channel": "C08FGKZCQTW",
|
|
"blocks": [
|
|
{
|
|
"type": "section",
|
|
"text": {
|
|
"type": "mrkdwn",
|
|
"text": "Govulncheck failed in ${{ github.repository }}"
|
|
},
|
|
"accessory": {
|
|
"type": "button",
|
|
"text": {
|
|
"type": "plain_text",
|
|
"text": "View results"
|
|
},
|
|
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
|
|
}
|
|
}
|
|
]
|
|
}
|