github.com/jfrog/jfrog-cli-core/v2@v2.51.0/.github/workflows/analysis.yml

github.com/jfrog/jfrog-cli-core/v2@v2.51.0/.github/workflows/analysis.yml (about)

     1  name: "Static Analysis"
     2  on:
     3    push:
     4      branches:
     5        - '**'
     6      tags-ignore:
     7        - '**'
     8    pull_request:
     9  jobs:
    10    Static-Check:
    11      runs-on: ubuntu-latest
    12      steps:
    13        - name: Checkout Source
    14          uses: actions/checkout@v4
    15  
    16        - name: Setup Go
    17          uses: actions/setup-go@v5
    18          with:
    19            go-version: 1.20.x
    20            cache: false
    21  
    22        - name: Static Code Analysis
    23          uses: golangci/golangci-lint-action@v4
    24          with:
    25            args: |
    26              --timeout 5m --out-${NO_FUTURE}format colored-line-number --enable errcheck,gosimple,govet,ineffassign,staticcheck,typecheck,unused,gocritic,asasalint,asciicheck,errchkjson,exportloopref,forcetypeassert,makezero,nilerr,unparam,unconvert,wastedassign,usestdlibvars 
    27  
    28  
    29    Go-Sec:
    30      runs-on: ubuntu-latest
    31      steps:
    32        - name: Checkout Source
    33          uses: actions/checkout@v4
    34  
    35        - name: Setup Go
    36          uses: actions/setup-go@v5
    37          with:
    38            go-version: 1.20.x
    39            cache: false
    40  
    41        - name: Run Gosec Security Scanner
    42          # Temporarily set version 2.18.0 to workaround https://github.com/securego/gosec/issues/1046
    43          uses: securego/gosec@v2.18.0
    44          with:
    45            args: -exclude G204,G301,G302,G304,G306 -tests -exclude-dir \.*test\.* ./...