Add a govulncheck job.

[porridge]

Description

https://go.dev/blog/vuln

Checklist

• Investigated and inspected CI test results
• Unit test and regression tests added
• Evaluated and added CHANGELOG entry if required
• Determined and documented upgrade steps
• Documented user facing changes (create PR based on openshift/openshift-docs and merge into rhacs-docs)

Testing Performed

Relying on CI.

[roxbot]

Images are ready for the commit at 84df2d3.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.0.x-561-g2a012174ab.

[janisz]

Let's get back to it once we get rid of cgo and maybe this check will be added to golangci-lint

[janisz]

So golangci will not integrate this check

• Add golang.org/x/vuln/vulncheck as a linter golangci/golangci-lint#3094

I've created a PR that scans binaries not code and it's working

• fix(ci): scan go binaries #8653

[porridge]

FTR it's currently crashing when scanning operator source.

• x/vuln: panic: interface conversion: types.Type is *types.Interface, not *types.Tuple golang/go#64112

[RTann]

@porridge can we close this? I believe we have it now :)

[porridge]

@RTann govulncheck has at least two functionalities - source scanning and binary scanning, I believe the job we have is only using one of them (the latter). This is about the former one.