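---
# Runs gosec on the pull request's Go code and publishes the findings as
# SARIF so they show up under the repository's Security tab / PR checks.
name: Go Test on Pull Requests
on: # yamllint disable-line rule:truthy
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    paths:
      - '**.go'
  workflow_dispatch:

# Least-privilege GITHUB_TOKEN: the job only reads the checkout and writes
# the SARIF upload (upload-sarif requires security-events: write).
# NOTE(review): on pull requests opened from forks the token is read-only
# regardless of this block, so the upload step is expected to fail there.
permissions:
  contents: read
  security-events: write

jobs:
  gosec:
    name: Check GO security
    # NOTE(review): ubuntu-20.04 is a pinned, ageing runner image — confirm
    # GitHub-hosted runners still offer it before relying on this workflow.
    runs-on: ubuntu-20.04
    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # Scan the PR head commit rather than the synthetic merge commit.
          # On workflow_dispatch this expression expands to an empty string;
          # presumably checkout then uses its default ref — verify if the
          # manual trigger is relied on.
          ref: ${{ github.event.pull_request.head.sha }}
      # First run: human-readable report in the job log.
      # TODO(review): `@master` is a moving branch (supply-chain risk) — pin
      # securego/gosec to a release tag or commit SHA here and in the SARIF
      # step below.
      - name: Run Gosec Security Scanner
        id: gosec
        uses: securego/gosec@master
        with:
          args: -exclude-generated ./...
        env:
          GOROOT: ""
        # Pass/fail is decided by "Check gosec result" from the SARIF run,
        # so this step must not abort the job on its own.
        continue-on-error: true
      # Second run: same scan written as SARIF for the Security tab.
      - name: Run Gosec Security Scanner - save SARIF
        id: gosec-sarif
        uses: securego/gosec@master
        with:
          # we let the report trigger a failure using the GitHub Security features.
          args: -exclude-generated -fmt sarif -out results.sarif ./...
        env:
          GOROOT: ""
        continue-on-error: true
      # Reached even when gosec reported findings, because both scanner
      # steps use continue-on-error.
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
      - name: Check gosec result
        # Fail the job when the SARIF run did not succeed. `outcome` is a
        # fixed enum (success/failure/cancelled/skipped), so interpolating
        # it into the shell here cannot inject commands.
        run: |
          if [ "${{ steps.gosec-sarif.outcome }}" != "success" ]
          then
            echo "Gosec failed. The errors and warnings should be displayed in the PR."
            exit 1
          fi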