Add weekly govulncheck workflow

Signed-off-by: Lennart Jern <[email protected]>

Author: lentzi90

.github/workflows/security-scan.yaml

@@ -0,0 +1,30 @@
+name: Weekly security scan
+
+on:
+  workflow_dispatch:
+  schedule:
+  # Cron for every Monday at 4:12 UTC.
+  - cron: "12 4 * * 1"
+
+# Remove all permissions from GITHUB_TOKEN except metadata.
+permissions: {}
+
+jobs:
+  scan:
+    strategy:
+      fail-fast: false
+      matrix:
+        branch: [master, release-1.33, release-1.32, release-1.31]
+    name: Verify security
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/[email protected]
+      with:
+        ref: ${{ matrix.branch }}
+    - name: Set up Go
+      uses: actions/[email protected]
+      with:
+        go-version-file: go.mod
+    - name: Run verify security target
+      run: make verify-security

Makefile

@@ -103,6 +103,9 @@ vet: check
 cover: work
 	go test -tags=unit $(shell go list ./...) -cover
 
+verify-security: work
+	go run golang.org/x/vuln/cmd/[email protected] ./...
+
 docs:
 	@echo "$@ not yet implemented"