added gosec & govulncheck

.github/workflows/issues.yml

@@ -1,10 +1,13 @@
-# Add all the issues created to the project. 
-name: Add all issues to Project
+# Add issues or pull-requests created to the project. 
+name: Add issue or pull request to Project
 
 on:
   issues:
     types:
       - opened
+  pull_request:
+    types:
+      - opened
 
 jobs:
   add-to-project:

.github/workflows/test.yml

@@ -1,5 +1,5 @@
 name: CI
-on: 
+on:
   push:
     branches:
       - main
@@ -13,8 +13,8 @@ permissions:
 jobs:
   verify-and-test:
     strategy:
-      matrix: 
-        go: ['1.18', '1.19','1.20']
+      matrix:
+        go: ['1.19','1.20']
         os: [ubuntu-latest, macos-latest, windows-latest]
       fail-fast: true
     runs-on: ${{ matrix.os }}
@@ -27,14 +27,29 @@ jobs:
         with:
           go-version: ${{ matrix.go }}
           cache: false
-      
-      - name: Verify
+
+      - name: Run GolangCI-Lint
         uses: golangci/golangci-lint-action@v3
-        with: 
+        with:
           version: v1.53
           args: --timeout=5m
-
-      - name: Test
-        run: go test -race --coverprofile=coverage.txt --covermode=atomic -v ./...
+
+      - name: Run GoSec
+        if: matrix.os == 'ubuntu-latest'
+        uses: securego/gosec@master
+        with:
+          args: ./...
+
+      - name: Run GoVulnCheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: ${{ matrix.go }}
+          go-package: ./...
+
+      - name: Run Tests
+        run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./...
+
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v3
+        with:
+          files: ./coverage

.gitignore

@@ -0,0 +1 @@
+coverage.coverprofile

Makefile

@@ -1,33 +1,36 @@
-SHELL := /bin/bash
+GO_LINT=$(shell which golint 2> /dev/null || echo '')
+GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 
-# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
-ifeq (,$(shell go env GOBIN))
-GOBIN=$(shell go env GOPATH)/bin
-else
-GOBIN=$(shell go env GOBIN)
-endif
+# Resolving binary dependencies for specific targets
+GO_SEC=$(shell which gosec 2> /dev/null || echo '')
+GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest
 
-# LINT is the path to the golangci-lint binary
-LINT = $(shell which golangci-lint)
+# Resolving binary dependencies for specific targets
+GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
+GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest
 
 .PHONY: golangci-lint
 golangci-lint:
-ifeq (, $(LINT))
-  ifeq (, $(shell which golangci-lint))
-	@{ \
-	set -e ;\
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest ;\
-	}
-  override LINT=$(GOBIN)/golangci-lint
-  else
-  override LINT=$(shell which golangci-lint)
-  endif
-endif
+	$(if $(GO_LINT), ,go install $(GO_LINT_URI))
+	@echo "##### Running golangci-lint"
+	golangci-lint run -v
+
+.PHONY: gosec
+gosec:
+	$(if $(GO_SEC), ,go install $(GO_SEC_URI))
+	@echo "##### Running gosec"
+	gosec ./...
+
+.PHONY: govulncheck
+govulncheck:
+	$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
+	@echo "##### Running govulncheck"
+	govulncheck ./...
 
 .PHONY: verify
-verify: golangci-lint
-	$(LINT) run
+verify: golangci-lint gosec govulncheck
 
 .PHONY: test
 test:
-	go test -race --coverprofile=coverage.coverprofile --covermode=atomic -v ./...
+	@echo "##### Running tests"
+	go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...

README.md

@@ -1,8 +1,10 @@
 # gorilla/mux
 
-[![GoDoc](https://godoc.org/github.com/gorilla/mux?status.svg)](https://godoc.org/github.com/gorilla/mux)
-[![CircleCI](https://circleci.com/gh/gorilla/mux.svg?style=svg)](https://circleci.com/gh/gorilla/mux)
-[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/mux?badge)
+![testing](https://github.com/gorilla/mux/actions/workflows/test.yml/badge.svg)
+[![codecov](https://codecov.io/github/gorilla/mux/branch/master/graph/badge.svg)](https://codecov.io/github/gorilla/mux)
+[![godoc](https://godoc.org/github.com/gorilla/mux?status.svg)](https://godoc.org/github.com/gorilla/mux)
+[![sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/mux?badge)
+
 
 ![Gorilla Logo](https://cloud-cdn.questionable.services/gorilla-icon-64.png)