Consolidate security-check into checks-backend (#21882)
Also, run it via exact version instead of relying on global binary.
This commit is contained in:
parent
43aafc5ba1
commit
9380bb6d0c
10
.drone.yml
10
.drone.yml
|
@ -39,16 +39,6 @@ steps:
|
|||
- make lint-frontend
|
||||
depends_on: [deps-frontend]
|
||||
|
||||
- name: security-check
|
||||
image: golang:1.19
|
||||
pull: always
|
||||
commands:
|
||||
- make security-check
|
||||
depends_on: [deps-backend]
|
||||
volumes:
|
||||
- name: deps
|
||||
path: /go
|
||||
|
||||
- name: lint-backend
|
||||
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
|
||||
pull: always
|
||||
|
|
4
Makefile
4
Makefile
|
@ -333,7 +333,7 @@ checks: checks-frontend checks-backend
|
|||
checks-frontend: lockfile-check svg-check
|
||||
|
||||
.PHONY: checks-backend
|
||||
checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate
|
||||
checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
|
||||
|
||||
.PHONY: lint
|
||||
lint: lint-frontend lint-backend
|
||||
|
@ -745,7 +745,7 @@ generate-go: $(TAGS_PREREQ)
|
|||
|
||||
.PHONY: security-check
|
||||
security-check:
|
||||
govulncheck -v ./...
|
||||
go run $(GOVULNCHECK_PACKAGE) -v ./...
|
||||
|
||||
$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
|
||||
|
|
Loading…
Reference in New Issue