name: govulncheck on: schedule: - cron: "0 12 * * *" # 8am EST / 10am PST / 12pm UTC workflow_dispatch: # allow manual trigger for testing pull_request: paths: - ".github/workflows/govulncheck.yml" jobs: source-scan: runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory uses: actions/checkout@v4 - name: Install govulncheck run: ./tool/go install golang.org/x/vuln/cmd/govulncheck@latest - name: Scan source code for known vulnerabilities run: PATH=$PWD/tool/:$PATH "$(./tool/go env GOPATH)/bin/govulncheck" -test ./... - uses: ruby/action-slack@v3.2.1 with: payload: > { "attachments": [{ "title": "${{ job.status }}: ${{ github.workflow }}", "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", "text": "${{ github.repository }}@${{ github.sha }}", "color": "danger" }] } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} if: failure() && github.event_name == 'schedule'