deploy: Add vulncheck stage to build - Add vulncheck step to internal build process. - Maintain parity with Github action govulncheck.yaml Change-Id: I4126dd9e1413fd233b866cb06fa4a7cf0ad6ae1a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/694136 Auto-Submit: Ethan Lee <ethanalee@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Markus Kusano <kusano@google.com>

commit: cefe99577fa2bee60bcef1145c7d67c2e86d9815 [log] [tgz]
author: Ethan Lee <ethanalee@google.com> Thu Aug 07 19:07:02 2025 +0000
committer: Gopher Robot <gobot@golang.org> Thu Aug 07 16:39:32 2025 -0700
tree: f68a15a6d0697dfb9360963212e98d6e07bb5854
parent: 02da6f9443f8860f3f94b1a299ad5e21358efe77 [diff]
diff --git a/deploy/build.yaml b/deploy/build.yaml
index 5e986af..a6cfe8c 100644
--- a/deploy/build.yaml
+++ b/deploy/build.yaml

@@ -29,6 +29,17 @@
       - -ec
       - go test ./...
 
+  - id: Govulncheck
+    name: golang:1.23.0
+    entrypoint: bash
+    args:
+    - -ec
+    - |
+      echo "Installing govulncheck..."
+      go install golang.org/x/vuln/cmd/govulncheck@latest
+      echo "Running govulncheck..."
+      govulncheck ./...
+
   - id: CopyExisting
     name: gcr.io/cloud-builders/gsutil
     entrypoint: bash
commit	cefe99577fa2bee60bcef1145c7d67c2e86d9815	[log] [tgz]
author	Ethan Lee <ethanalee@google.com>	Thu Aug 07 19:07:02 2025 +0000
committer	Gopher Robot <gobot@golang.org>	Thu Aug 07 16:39:32 2025 -0700
tree	f68a15a6d0697dfb9360963212e98d6e07bb5854
parent	02da6f9443f8860f3f94b1a299ad5e21358efe77 [diff]