Use commit hash with actions (#203)

Signed-off-by: Jeroen Simonetti <[email protected]>
jsimonetti · Nov 27, 2023 · 13375a6 · 13375a6
1 parent 889c07b
commit 13375a6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 15 deletions.
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
@@ -10,13 +10,13 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
       with:
         go-version: ${{ matrix.go-version }}
       id: go
 
     - name: Checkout code
-      uses: actions/[email protected]
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Download dependencies
       run: go mod download
@@ -38,13 +38,13 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
       with:
         go-version: ${{ matrix.go-version }}
       id: go
 
     - name: Checkout code
-      uses: actions/[email protected]
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Download dependencies
       run: go mod download
@@ -57,3 +57,18 @@ jobs:
 
     - name: Test Integration
       run: sudo -E env PATH=$PATH go test -v -tags=integration ./...
+  govuln_check:
+    name: Check for vulnerabilities
+    strategy:
+      matrix:
+        go-version: [1.20.x, 1.21.x]
+        platform: [ubuntu-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+    - name: Check for vulnerabilities
+      id: govulncheck
+      uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4
+      with:
+        cache: false
+        go-version-input: ${{ matrix.go-version }}
+        go-package: ./...
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml