on: workflow_call: name: Govulncheck permissions: {} jobs: govulncheck: name: govulncheck runs-on: ubuntu-22.04 strategy: matrix: include: - binary: "kata-runtime" make_target: "runtime" - binary: "containerd-shim-kata-v2" make_target: "containerd-shim-v2" - binary: "kata-monitor" make_target: "monitor" fail-fast: false steps: - name: Checkout the code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 persist-credentials: false - name: Install golang run: | ./tests/install_go.sh -f -p echo "/usr/local/go/bin" >> "${GITHUB_PATH}" - name: Install govulncheck run: | go install golang.org/x/vuln/cmd/govulncheck@latest echo "${HOME}/go/bin" >> "${GITHUB_PATH}" - name: Build runtime binaries run: | cd src/runtime make "${MAKE_TARGET}" env: MAKE_TARGET: ${{ matrix.make_target }} SKIP_GO_VERSION_CHECK: "1" - name: Run govulncheck on ${{ matrix.binary }} env: BINARY: ${{ matrix.binary }} run: | cd src/runtime bash ../../tests/govulncheck-runner.sh "./${BINARY}"