# @format

name: Vulnerability Check
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  vulncheck:
    name: Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.21.4
          check-latest: true
      - name: Get official govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
        shell: bash
      - name: Run govulncheck
        run: govulncheck ./...
        shell: bash

  react-code-known-vulnerabilities:
    name: "React Code Has No Known Vulnerable Deps"
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [ 1.21.4 ]
        os: [ ubuntu-latest ]
    steps:
      - name: Check out code
        uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NVMRC }}
          cache: "yarn"
          cache-dependency-path: portal-ui/yarn.lock
      - name: Checks for known security issues with the installed packages
        working-directory: ./portal-ui
        continue-on-error: false
        run: |
          yarn audit --groups dependencies