ci(github): fold govulncheck into the CI workflow

Move the govulncheck job from security.yml into ci.yml and add it to
the ci-status gate so it shares the CI concurrency group and is covered
by the single required check. Drop the now-redundant security.yml.
Valentin Maerten
2026-07-02 11:04:00 +02:00
parent d1c1e079e9
commit 1ce604da1c
2 changed files with 9 additions and 21 deletions


@@ -97,10 +97,16 @@ jobs:
- name: 📋 Validate JSON Schema
run: check-jsonschema --check-metaschema website/src/public/schema.json
govulncheck:
name: 🛡️ Vulnerabilities
runs-on: ubuntu-latest
steps:
- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
ci-status:
name: ✅ CI
runs-on: ubuntu-latest
needs: [build, test, lint, lint-jsonschema]
needs: [build, test, lint, lint-jsonschema, govulncheck]
if: always()
steps:
- name: ✅ Check CI status
@@ -108,7 +114,8 @@ jobs:
if [[ "${{ needs.build.result }}" != "success" ]] || \
[[ "${{ needs.test.result }}" != "success" ]] || \
[[ "${{ needs.lint.result }}" != "success" ]] || \
[[ "${{ needs.lint-jsonschema.result }}" != "success" ]]; then
[[ "${{ needs.lint-jsonschema.result }}" != "success" ]] || \
[[ "${{ needs.govulncheck.result }}" != "success" ]]; then
echo "CI failed"
exit 1
fi
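Review bot: The new `govulncheck` job has no `permissions:` block, whereas the deleted security.yml set `permissions:` / `contents: read` for the whole workflow. The top-level keys of ci.yml are outside this hunk, so unless that file already restricts the token, the action would now run with the repository's default GITHUB_TOKEN scope. Adding `permissions:` with `contents: read` directly under `govulncheck:` keeps the earlier least-privilege setting whatever the workflow default is. The removed workflow also triggered on `v*` tag pushes; the `on:` block of ci.yml is not visible here, so it is worth confirming that tagged releases are still scanned.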


@@ -1,19 +0,0 @@
name: Security
on:
pull_request:
push:
tags:
- v*
branches:
- main
permissions:
contents: read
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4