fix: split lint and security checks into different workflows

canonical · Jun 2, 2023 · 4360fb4 · 4360fb4
1 parent c013935
commit 4360fb4
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 20 deletions.
diff --git a/.github/workflows/linter.yml → .github/workflows/lint.yaml b/.github/workflows/linter.yml → .github/workflows/lint.yaml
@@ -1,4 +1,4 @@
-name: Lint and security checks
+name: Lint
 
 on:
   workflow_dispatch:
@@ -29,22 +29,3 @@ jobs:
         with:
           version: v1.52.2
           args: --disable-all --enable errcheck,staticcheck,unused
-
-  security-check:
-    name: Security check
-    runs-on: ubuntu-22.04
-    env:
-      GO111MODULE: on
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Run Gosec security scanner
-        uses: securego/gosec@master
-        with:
-          args: '-fmt sarif -out results.sarif -stdout -verbose text -severity medium ./...'
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
-        if: always()
-        with:
-          sarif_file: results.sarif
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,29 @@
+name: Security
+
+on:
+  workflow_dispatch:
+  push:
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    branches: [main]
+
+jobs:
+  go-sec:
+    name: Gosec
+    runs-on: ubuntu-22.04
+    env:
+      GO111MODULE: on
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run Gosec security scanner
+        uses: securego/gosec@master
+        with:
+          args: '-fmt sarif -out results.sarif -stdout -verbose text -severity medium ./...'
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: results.sarif