CI:add go vulnerability detect

Signed-off-by: Sam Yuan <[email protected]>

Author: SamYuan1990

.github/workflows/govulnerability.yml

@@ -0,0 +1,15 @@
+name: go vulnerability detect
+
+on:
+  pull_request:
+
+jobs:
+  vulnerability_detect:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: actions/setup-go@main
+        with:
+          go-version: 1.18
+      - name: run vulnerability detect
+        run: make govulncheck

Makefile

@@ -144,6 +144,12 @@ test-verbose: ginkgo-set tidy-vendor
 escapes_detect: tidy-vendor
 	@go build -tags $(GO_BUILD_TAGS) -gcflags="-m -l" ./... | grep "escapes to heap" || true
 
+set_govulncheck:
+	@go install golang.org/x/vuln/cmd/govulncheck@latest
+
+govulncheck: set_govulncheck tidy-vendor
+	@govulncheck -v ./... || true
+
 format:
 	gofmt -e -d -s -l -w pkg/ cmd/