chore(security): Support Go Vulnerability Management (#21139)

See https://go.dev/security/vuln/

Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>

Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
This commit is contained in:
Bo-Yi Wu 2022-09-11 15:02:18 +08:00 committed by GitHub
parent 77c916f6d9
commit 24b5a384d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 0 deletions

View File

@ -39,6 +39,16 @@ steps:
- make lint-frontend
depends_on: [deps-frontend]
- name: security-check
image: golang:1.19
pull: always
commands:
- make security-check
depends_on: [deps-backend]
volumes:
- name: deps
path: /go
- name: lint-backend
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
pull: always

View File

@ -35,6 +35,7 @@ MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
DOCKER_IMAGE ?= gitea/gitea
DOCKER_TAG ?= latest
@ -728,6 +729,10 @@ generate-go: $(TAGS_PREREQ)
@echo "Running go generate..."
@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
.PHONY: security-check
security-check:
govulncheck -v ./...
$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
@ -813,6 +818,7 @@ deps-backend:
$(GO) install $(SWAGGER_PACKAGE)
$(GO) install $(XGO_PACKAGE)
$(GO) install $(GO_LICENSES_PACKAGE)
$(GO) install $(GOVULNCHECK_PACKAGE)
node_modules: package-lock.json
npm install --no-save