Consolidate security-check into checks-backend (#21882)

Also, run it via exact version instead of relying on global binary.
2022-11-21 03:39:00 +01:00 · 2022-11-21 03:39:00 +01:00 · 9380bb6d0c
commit 9380bb6d0c
parent 43aafc5ba1
2 changed files with 2 additions and 12 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -39,16 +39,6 @@ steps:
      - make lint-frontend
    depends_on: [deps-frontend]
  - name: security-check
    image: golang:1.19
    pull: always
    commands:
      - make security-check
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go
  - name: lint-backend
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
--- a/4
+++ b/4
@ -333,7 +333,7 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check
 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate
+checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
 .PHONY: lint
 lint: lint-frontend lint-backend
@ -745,7 +745,7 @@ generate-go: $(TAGS_PREREQ)
 .PHONY: security-check
 security-check:
-	govulncheck -v ./...
+	go run $(GOVULNCHECK_PACKAGE) -v ./...
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@