ci: add audit setup

Author: arsham

.github/workflows/go.yml

@@ -2,7 +2,10 @@ name: Continues Integration
 
 on:
   push:
-    branches: [master]
+    branches:
+      - master
+      - feature/*
+      - bugfix/*
   pull_request:
     branches:
       - master
@@ -47,9 +50,25 @@ jobs:
           flags: unittests
           name: codecov-umbrella
 
-  lint:
+  audit:
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
 
+      - name: Set up Go ${{ matrix.go }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: WriteGoList
+        run: go list -json -deps > go.list
+
+      - name: Nancy
+        uses: sonatype-nexus-community/nancy-github-action@main
+
+  lint:
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
         uses: actions/checkout@v2

Makefile

@@ -33,6 +33,11 @@ dependencies: ## Install dependencies requried for development operations.
 	@go get github.com/stretchr/testify/mock
 	@go get github.com/vektra/mockery/.../
 	@go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.0
+	@go install github.com/psampaz/go-mod-outdated@latest
+	@go install github.com/jondot/goweight@latest
+	@go get -t -u golang.org/x/tools/cmd/cover
+	@go get -t -u github.com/sonatype-nexus-community/nancy@latest
+	@go get -u ./...
 	@go mod tidy
 
 .PHONY: clean
@@ -49,3 +54,9 @@ coverage: ## Show the test coverage on browser.
 	go test -covermode=count -coverprofile=coverage.out ./...
 	go tool cover -func=coverage.out | tail -n 1
 	go tool cover -html=coverage.out
+
+.PHONY: audit
+audit: ## Audit the code for updates, vulnerabilities and binary weight.
+	go list -u -m -json all | go-mod-outdated -update -direct
+	go list -json -deps | nancy sleuth
+	goweight | head -n 20