Skip to content

Add govulncheck job to lint workflow and fix matrix job result syntax #6435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mohammedfirdouss wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Add govulncheck job to lint workflow and fix matrix job result syntax #6435

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1f11737
feat: add dependabot configuration for gomod updates
mohammedfirdouss Jan 15, 2026
148b5a3
Add govulncheck job to lint workflow and fix matrix job result syntax
mohammedfirdouss Jan 15, 2026
6639de4
Merge branch 'master' into feat/add-dependabot-govulncheck
mohammedfirdouss Jan 17, 2026
b61d096
test CI workflow for govulncheck
mohammedfirdouss Jan 19, 2026
1f81585
update setup-go action version and improve message formatting
mohammedfirdouss Jan 19, 2026
c6f138a
Merge branch 'master' into feat/add-dependabot-govulncheck
mohammedfirdouss Jan 29, 2026
011ecd3
Merge branch 'master' into feat/add-dependabot-govulncheck
mohammedfirdouss Mar 18, 2026
04285d3
fix: update Go version to 1.25.8 to fix govulncheck vulnerabilities
mohammedfirdouss Mar 18, 2026
5cdef2c
chore: update dependencies to latest versions in go.mod and go.sum
mohammedfirdouss Mar 18, 2026
1ab6a44
ci: make govulncheck warn-only until vulnerabilities are fixed
mohammedfirdouss Mar 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 83 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
version: 2
updates:
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 5

- package-ecosystem: "gomod"
directory: "/pkg/plugin/sdk"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/tool/actions-gh-release"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/tool/actions-plan-preview"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/tool/codegen/protoc-gen-auth"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/kubernetes"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/kubernetes_multicluster"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/terraform"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/cloudrun"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/scriptrun"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/analysis"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/wait"
schedule:
interval: "weekly"

- package-ecosystem: "gomod"
directory: "/pkg/app/pipedv1/plugin/waitapproval"
schedule:
interval: "weekly"

- package-ecosystem: "npm"
directory: "/web"
schedule:
interval: "weekly"
open-pull-requests-limit: 5

- package-ecosystem: "npm"
directory: "/docs"
schedule:
interval: "monthly"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
24 changes: 12 additions & 12 deletions .github/workflows/first-time-contributor.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,18 +36,18 @@ jobs:
return;
}

const body = `
👋 Hi @${prAuthor}, thanks for opening your first pull request to **PipeCD**!

Here are a few helpful resources to get started:
- Contributing guide: \`CONTRIBUTING.md\`
- Common commands:
- \`make test\`
- \`make lint\`

If you have any questions, feel free to ask in this PR.
Thanks for contributing!
`;
const body = [
`👋 Hi @${prAuthor}, thanks for opening your first pull request to **PipeCD**!`,
'',
'Here are a few helpful resources to get started:',
'- Contributing guide: `CONTRIBUTING.md`',
'- Common commands:',
' - `make test`',
' - `make lint`',
'',
'If you have any questions, feel free to ask in this PR.',
'Thanks for contributing!'
].join('\n');

await github.rest.issues.createComment({
owner,
Expand Down
35 changes: 30 additions & 5 deletions .github/workflows/lint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,7 @@ jobs:
# if jobs in the 'go' job matrix failed or were cancelled, this job will fail
# otherwise this job is marked as successful because all steps are skipped
run: exit 1
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
}}
if: needs.go.result != 'success'

web:
runs-on: ubuntu-24.04
Expand Down Expand Up @@ -100,3 +96,32 @@ jobs:

- name: Lint all Helm charts
run: make lint/helm

govulncheck:
runs-on: ubuntu-24.04
needs: list-go-modules
strategy:
fail-fast: false
matrix:
module: ${{ fromJSON(needs.list-go-modules.outputs.modules) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
working-directory: ${{ matrix.module }}
run: govulncheck ./...

govulncheck-completed:
runs-on: ubuntu-24.04
if: always()
needs: govulncheck
steps:
- name: Check if all govulncheck jobs succeeded
# if jobs in the 'govulncheck' job matrix failed or were cancelled, this job will fail
# otherwise this job is marked as successful because all steps are skipped.
run: exit 1
if: needs.govulncheck.result != 'success'
Loading