From 1ce604da1c688de3b14880a6547d4a26e201f012 Mon Sep 17 00:00:00 2001
From: Valentin Maerten
Date: Thu, 2 Jul 2026 11:04:00 +0200
Subject: [PATCH] ci(github): fold govulncheck into the CI workflow
Move the govulncheck job from security.yml into ci.yml and add it to the ci-status gate so it shares the CI concurrency group and is covered by the single required check. Drop the now-redundant security.yml.
---
 .github/workflows/ci.yml | 11 +++++++++--
 .github/workflows/security.yml | 19 -------------------
 2 files changed, 9 insertions(+), 21 deletions(-)
 delete mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 77355274..632a6384 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -97,10 +97,16 @@ jobs:
 - name: 📋 Validate JSON Schema
 run: check-jsonschema --check-metaschema website/src/public/schema.json
+ govulncheck:
+ name: 🛡️ Vulnerabilities
+ runs-on: ubuntu-latest
+ steps:
+ - uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
+
 ci-status:
 name: ✅ CI
 runs-on: ubuntu-latest
- needs: [build, test, lint, lint-jsonschema]
+ needs: [build, test, lint, lint-jsonschema, govulncheck]
 if: always()
 steps:
 - name: ✅ Check CI status
@@ -108,7 +114,8 @@ jobs:
 if [[ "${{ needs.build.result }}" != "success" ]] || \
 [[ "${{ needs.test.result }}" != "success" ]] || \
 [[ "${{ needs.lint.result }}" != "success" ]] || \
- [[ "${{ needs.lint-jsonschema.result }}" != "success" ]]; then
+ [[ "${{ needs.lint-jsonschema.result }}" != "success" ]] || \
+ [[ "${{ needs.govulncheck.result }}" != "success" ]]; then
 echo "CI failed"
 exit 1
 fi
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index af8d9b89..00000000
--- a/.github/workflows/security.yml
+++ /dev/null
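Review bot: The new `govulncheck` job in ci.yml has no `permissions:` key, whereas the deleted security.yml pinned its workflow to `permissions:` / `contents: read`. Unless ci.yml already declares a workflow-level permissions block (its top is outside this hunk), the job inherits the repository's default GITHUB_TOKEN scope, which may be broader than the scan had before. Adding `permissions:` with `contents: read` directly under the job's `runs-on: ubuntu-latest` keeps least privilege regardless of what the rest of the file does. security.yml also ran on `push` to `v*` tags, so it is worth confirming that ci.yml's `on:` block covers tags; otherwise release tags are no longer scanned.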
@@ -1,19 +0,0 @@
-name: Security
-
-on:
- pull_request:
- push:
- tags:
- - v*
- branches:
- - main
-
-permissions:
- contents: read
-
-jobs:
- govulncheck:
- name: govulncheck
- runs-on: ubuntu-latest
- steps:
- - uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4