46 lines
1.5 KiB
YAML
name: "Dependency Review"
on:
  pull_request:
  merge_group:

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: depot-ubuntu-22.04-4
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v4
      - name: "Setup Go"
        uses: actions/setup-go@v5
        with:
          go-version: "1.24"
          check-latest: true
      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
        with:
          base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
          fail-on-severity: high
      - name: "Dependency audit"
        run: ./scripts/dep-assert.sh
      - name: "Go vulnerability check"
        id: govuln
        run: |
          # Run the vulnerability check and capture its output (ignoring non-zero exit codes)
          make vulncheck 2>&1 | tee govulncheck-output.txt || true

          # Extract vulnerability identifiers from the output (e.g., GO-2025-3443)
          vulnerabilities=$(grep -o 'GO-[0-9]\{4\}-[0-9]\+' govulncheck-output.txt | sort | uniq)
          echo "Detected vulnerabilities: $vulnerabilities"

          # Check if any vulnerability other than GO-2025-3443 exists
          # (GO-2025-3443 is the only identifier this step accepts)
          for vuln in $vulnerabilities; do
            if [ "$vuln" != "GO-2025-3443" ]; then
              echo "Found vulnerability $vuln, failing..."
              exit 1
            fi
          done

          # Note: the exit code of the check is discarded above, so a run that
          # prints no GO-* identifier at all also reaches this line.
          echo "Only known vulnerability (GO-2025-3443) present. Continuing."