aws · jdn5126 · Oct 15, 2023 · Oct 15, 2023 · Oct 15, 2023
@@ -0,0 +1,46 @@
+name: 'golang-govulncheck-action'
+description: 'Run govulncheck'
+inputs:
+  go-version-input:  # version of Go to use for govulncheck
+    description: 'Version of Go to use for govulncheck'
+    required: false
+  check-latest:
+    description: 'Set this option to true if you want the action to always check for the latest available Go version that satisfies the version spec'
+    required: false
+    default: false
+  cache:
+    description: 'Used to specify whether Go caching is needed. Set to true, if you would like to enable caching.'
+    required: false
+    default: true
+  go-package:
+    description: 'Go Package to scan with govulncheck'
+    required: false
+    default: './...'
+  work-dir:
+    description: 'Directory in which to run govulncheck'
+    required: false
+    default: '.'
+  repo-checkout:
+    description: "Checkout the repository"
+    required: false
+    default: true
+  go-version-file:
+    description: 'Path to the go.mod or go.work file.'
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
+      uses: actions/checkout@v3
+    - uses: actions/[email protected]
+      with:
+        go-version: ${{ inputs.go-version-input }}
+        check-latest: ${{ inputs.check-latest }}
+        go-version-file: ${{ inputs.go-version-file }}
+        cache: ${{ inputs.cache }}
+    - name: Install govulncheck
+      run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      shell: bash
+    - name: Run govulncheck
+      run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }}
+      shell: bash
@@ -0,0 +1,31 @@
+name: "Dependency Review"
+on: [push, pull_request, workflow_dispatch]
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - id: govulncheck
+        uses: ./.github/actions/govulncheck
+        with:
+          go-version-input: 1.21.3
+          go-version-file: go.mod
+      - id: govulncheck-tests-agent
+        uses: ./.github/actions/govulncheck
+        with:
+          go-version-input: 1.21.3
+          go-version-file: test/agent/go.mod
@@ -0,0 +1,35 @@
+package ipamd
+
+import (
+	"github.com/aws/amazon-vpc-cni-k8s/test/framework"
+	"github.com/aws/aws-sdk-go/service/ec2"
+)
+
+var primaryInstance *ec2.Instance
+var f *framework.Framework
+var err error
+
+func ceil(x, y int) int {
+	return (x + y - 1) / y
+}
+
+func Max(x, y int) int {
+	if x < y {
+		return y
+	}
+	return x
+}
+
+// MinIgnoreZero returns smaller of two number, if any number is zero returns the other number
+func MinIgnoreZero(x, y int) int {
+	if x == 0 {
+		return y
+	}
+	if y == 0 {
+		return x
+	}
+	if x < y {
+		return x
+	}
+	return y
+}
@@ -18,7 +18,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/aws/aws-sdk-go/service/ec2"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	v1 "k8s.io/api/apps/v1"
@@ -29,10 +28,6 @@ import (
 	"github.com/aws/amazon-vpc-cni-k8s/test/framework/utils"
 )
 
-var primaryInstance *ec2.Instance
-var f *framework.Framework
-var err error
-
 const (
 	CoreDNSDeploymentName = "coredns"
 	KubeSystemNamespace   = "kube-system"
@@ -126,28 +121,3 @@ var _ = AfterSuite(func() {
 	f.K8sResourceManagers.NamespaceManager().
 		DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
 })
-
-func ceil(x, y int) int {
-	return (x + y - 1) / y
-}
-
-func Max(x, y int) int {
-	if x < y {
-		return y
-	}
-	return x
-}
-
-// MinIgnoreZero returns smaller of two number, if any number is zero returns the other number
-func MinIgnoreZero(x, y int) int {
-	if x == 0 {
-		return y
-	}
-	if y == 0 {
-		return x
-	}
-	if x < y {
-		return x
-	}
-	return y
-}