From a2cba2ea94901563c9b820f1bd500481b5c70a03 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 11 Jun 2025 19:10:20 -0700 Subject: [PATCH] ci: add govulncheck job The main idea here is to find any possible vulnerabilities in dependencies that would require upgrades. Note that this setup ignores Go stdlib vulnerabilities by using latest Go version (which is a default for govulncheck-action), as this is a library and we should not care much about specific Go version used. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 4ce3dcc24..8d715ed50 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -51,3 +51,8 @@ jobs: - name: validate seccomp run: ./tools/validate_seccomp.sh ./pkg/seccomp + + govulncheck: + runs-on: ubuntu-24.04 + steps: + - uses: golang/govulncheck-action@v1
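Review bot: the last added line of the hunk, `- uses: golang/govulncheck-action@v1`, references the action by a mutable tag, so the code this job runs can change without any change in this repository. Pin it to a full commit SHA and keep the version in a trailing comment so updates arrive as reviewable diffs. The job also relies entirely on the action's defaults, and the rationale in the commit message (the latest Go is used so that stdlib findings do not show up for a library) is not visible in the workflow itself. A one-line YAML comment above `govulncheck:` stating that would keep the intent next to the configuration.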