name: govulncheck
on:
  push:
    paths:
      - go.sum
  schedule:
    - cron: "0 0 * * *"

permissions: read-all

jobs:
  govulncheck:
    name: govulncheck
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0
      - name: Add variables to environment file
        run: cat ".github/env" >> "$GITHUB_ENV"
      - name: Setup Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # pin@5.5.0
        with:
          go-version: '${{ env.GOLANG_VERSION }}'
          check-latest: true
      - name: govulncheck
        uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # pin@1.0.4
        with:
          go-package: ./...