name: Vulnerability Check

on: [push, pull_request]

jobs:
  go-versions:
    name: Get stable Go versions
    runs-on: ubuntu-latest
    outputs:
      version-list: ${{ steps.go-dev-stable-versions.outputs.version-list }}
    steps:
      - name: List the latest stable versions of Go
        id: go-dev-stable-versions
        run: |
          versions_json=$(curl -s https://go.dev/dl/?mode=json | jq '.[].version' | sed -e 's/^"go/"/' | jq -s -c '.')
          echo "version-list=$versions_json" >> $GITHUB_OUTPUT

      - name: Notify on go-dev-stable-versions
        run: echo "::notice::version-list is ${{ steps.go-dev-stable-versions.outputs.version-list }}"

  test:
    needs: [go-versions]
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        go: ${{ fromJson(needs.go-versions.outputs.version-list) }}
    name: Vulnerability Check with Go ${{ matrix.go }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    env:
      DISPLAY: ':99.0'
    defaults:
      run:
        shell: bash
    steps:
      - name: Git
        run: |
          # See actions/checkout#135
          git config --global core.autocrlf false
          git config --global core.eol lf

      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ matrix.go }}

      - name: Install govulncheck
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Install dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install libasound2-dev libgl1-mesa-dev libxcursor-dev libxi-dev libxinerama-dev libxrandr-dev libxxf86vm-dev

      - name: govulncheck
        run: |
          govulncheck ./...
          env GOOS=js GOARCH=wasm govulncheck ./...