feat(ci): add Golang dependency vulnerability check (#1528)

* feat(ci): add Golang dependency vulnerability check * update * check run * c++
evmos · Dec 2, 2022 · 9077172 · 9077172
1 parent d9fc677
commit 9077172
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 6 deletions.
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -0,0 +1,28 @@
+name: "Dependency Review"
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+          check-latest: true
+      - name: "Checkout Repository"
+        uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/**.go
+            go.mod
+            go.sum
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+        if: env.GIT_DIFF
+      - name: "Go vulnerability check"
+        run: make vulncheck
+        if: env.GIT_DIFF
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -32,7 +32,7 @@ jobs:
           args: --timeout 10m
           github-token: ${{ secrets.github_token }}
         # Check only if there are differences in the source code
-        if: "env.GIT_DIFF"
+        if: env.GIT_DIFF
   markdown-lint:
     name: Run markdown-lint
     runs-on: ubuntu-latest

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -59,7 +59,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ### Features
 
-- (app) [#1501](https://github.com/evmos/ethermint/pull/1501) Set default File store listener for application from [ADR38](https://docs.cosmos.network/v0.47/architecture/adr-038-state-listening)
+* (ci) [#1528](https://github.com/evmos/ethermint/pull/1528) Add Golang dependency vulnerability checker.
+* (app) [#1501](https://github.com/evmos/ethermint/pull/1501) Set default File store listener for application from [ADR38](https://docs.cosmos.network/v0.47/architecture/adr-038-state-listening)
 
 ### Improvements
 

diff --git a/Makefile b/Makefile
@@ -155,7 +155,7 @@ clean:
 
 all: build
 
-build-all: tools build lint test
+build-all: tools build lint test vulncheck
 
 .PHONY: distclean clean build-all
 
@@ -273,6 +273,10 @@ go.sum: go.mod
 	go mod verify
 	go mod tidy
 
+vulncheck: $(BUILDDIR)/
+	GOBIN=$(BUILDDIR) go install golang.org/x/vuln/cmd/govulncheck@latest
+	$(BUILDDIR)/govulncheck ./...
+
 ###############################################################################
 ###                              Documentation                              ###
 ###############################################################################

diff --git a/cmd/ethermintd/flags.go b/cmd/ethermintd/flags.go
@@ -8,9 +8,7 @@ import (
 	"github.com/evmos/ethermint/version"
 )
 
-const (
-	flagLong = "long"
-)
+const flagLong = "long"
 
 func init() {
 	infoCmd.Flags().Bool(flagLong, false, "Print full information")