From a4cf9703272b41d38d1150ba16f3a8857c845be7 Mon Sep 17 00:00:00 2001
From: Lyuben Penkovski <lyuben.penkovski@vereign.com>
Date: Thu, 20 Oct 2022 10:53:09 +0000
Subject: [PATCH] Add Go vulnerability checks to CI pipeline

---
 .gitlab-ci.yml    | 17 +++++++++++++++--
 .golangci.yml     |  4 +---
 cmd/cache/main.go |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 621fe8d..8802254 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,7 +16,7 @@ include:
   - template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
 
 lint:
-  image: golangci/golangci-lint:v1.44.2
+  image: golangci/golangci-lint:v1.50.0
   stage: test
   tags:
     - amd64-docker
@@ -28,13 +28,26 @@ lint:
     - cd /go/src/gitlab.com/${CI_PROJECT_PATH}
 
 unit tests:
-  image: golang:1.17.7
+  image: golang:1.19
   extends: .gotest
   stage: test
   tags:
     - amd64-docker
   before_script: []
 
+govulncheck:
+  image: golang:1.19
+  stage: test
+  tags:
+    - amd64-docker
+  before_script:
+    - ln -s /builds /go/src/gitlab.com
+    - cd /go/src/gitlab.com/${CI_PROJECT_PATH}
+  script:
+    - go version
+    - go install golang.org/x/vuln/cmd/govulncheck@latest
+    - govulncheck ./...
+
 amd64:
   extends: .docker-build
   stage: build
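Review bot: The new `govulncheck` job installs the scanner with `govulncheck@latest`, so each pipeline run downloads and executes whatever release is current at that moment, in a job that has the repository checked out. Pinning the tool to a reviewed release, `go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, keeps the scanner under change control; the vulnerability database it queries still updates independently. The `golang:1.19` tag is also floating. Because govulncheck evaluates standard-library findings against the toolchain it runs with, it is worth confirming that this image matches the Go version used by the `.docker-build` jobs, which are not visible in this hunk.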
diff --git a/.golangci.yml b/.golangci.yml
index e6ba71d..a31b66b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -12,7 +12,6 @@ linters:
   enable:
     - megacheck
     - govet
-    - deadcode
     - errcheck
     - goconst
     - gocyclo
@@ -22,10 +21,9 @@ linters:
     - ineffassign
     - nakedret
     - staticcheck
-    - structcheck
     - unconvert
-    - varcheck
     - vet
     - vetshadow
     - misspell
     - staticcheck
+    - unused
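Review bot: `staticcheck` is listed twice in this `enable` list, once above `unconvert` and again on the line before the newly appended `- unused`. Since the commit is already tidying the list, dropping the second entry and placing `unused` in order would leave each linter named once. That makes it easier to audit which checks, including security-relevant ones, are actually enabled.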
diff --git a/cmd/cache/main.go b/cmd/cache/main.go
index 017494b..283b834 100644
--- a/cmd/cache/main.go
+++ b/cmd/cache/main.go
@@ -171,7 +171,7 @@ func exposeMetrics(addr string, logger *zap.Logger) {
 	promMux := http.NewServeMux()
 	promMux.Handle("/metrics", promhttp.Handler())
 	logger.Info(fmt.Sprintf("exposing prometheus metrics at %s/metrics", addr))
-	if err := http.ListenAndServe(addr, promMux); err != nil {
+	if err := http.ListenAndServe(addr, promMux); err != nil { //nolint:gosec
 		logger.Error("error exposing prometheus metrics", zap.Error(err))
 	}
 }
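Review bot: The added `//nolint:gosec` on the `http.ListenAndServe` line silences the finding instead of addressing it, and it names neither the rule nor a reason. The finding is presumably gosec's check for serve functions that cannot set timeouts, which the linter image bump in this commit would newly surface. `http.ListenAndServe` uses a server with no read, write or idle timeouts, so clients that open connections to the metrics address and send slowly can hold them open indefinitely. Building an explicit `http.Server` with timeouts removes the need for the suppression; the values below are constructed samples to tune against scrape duration, and `time` must be imported if the file does not already do so. If the suppression stays, it should at least carry the rule ID and a justification after the directive. `exposeMetrics` begins above this hunk.

```go
// … unchanged: promMux setup and "exposing prometheus metrics" log line …
srv := &http.Server{
	Addr:              addr,
	Handler:           promMux,
	ReadHeaderTimeout: 10 * time.Second, // sample values, tune for your scrapers
	ReadTimeout:       30 * time.Second,
	WriteTimeout:      30 * time.Second,
	IdleTimeout:       120 * time.Second,
}
if err := srv.ListenAndServe(); err != nil {
	// … unchanged: logger.Error call …
```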
-- 
GitLab