name: Go Vulnerability Checker
on: [push, pull_request]
permissions: read-all
jobs:
  goversion:
    uses: ./.github/workflows/go-version.yaml
  test:
    runs-on: ubuntu-latest
    needs: goversion
    steps:
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: ${{ needs.goversion.outputs.goversion }}
      - run: date
      - run: |
          set -euo pipefail

          go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...