From 24b5a384d213a50b900acc896c9d34af934f59ac Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sun, 11 Sep 2022 15:02:18 +0800 Subject: [PATCH] chore(security): Support Go Vulnerability Management (#21139) See https://go.dev/security/vuln/ Signed-off-by: Bo-Yi.Wu Signed-off-by: Bo-Yi.Wu --- .drone.yml | 10 ++++++++++ Makefile | 6 ++++++ 2 files changed, 16 insertions(+) diff --git a/.drone.yml b/.drone.yml index e035f57af9..95d4032413 100644 --- a/.drone.yml +++ b/.drone.yml @@ -39,6 +39,16 @@ steps: - make lint-frontend depends_on: [deps-frontend] + - name: security-check + image: golang:1.19 + pull: always + commands: + - make security-check + depends_on: [deps-backend] + volumes: + - name: deps + path: /go + - name: lint-backend image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env pull: always diff --git a/Makefile b/Makefile index 3662e836aa..e258ac748f 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,7 @@ MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0 +GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest DOCKER_IMAGE ?= gitea/gitea DOCKER_TAG ?= latest @@ -728,6 +729,10 @@ generate-go: $(TAGS_PREREQ) @echo "Running go generate..." @CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES) +.PHONY: security-check +security-check: + govulncheck -v ./... + $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@ @@ -813,6 +818,7 @@ deps-backend: $(GO) install $(SWAGGER_PACKAGE) $(GO) install $(XGO_PACKAGE) $(GO) install $(GO_LICENSES_PACKAGE) + $(GO) install $(GOVULNCHECK_PACKAGE) node_modules: package-lock.json npm install --no-save