Skip to content

patch: add write permission for sarif file #826

patch: add write permission for sarif file

patch: add write permission for sarif file #826

Workflow file for this run

#
# Copyright Red Hat
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Validate PRs
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Declare default permissions as read only.
permissions: read-all
jobs:
build:
name: Build
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Go environment
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'
id: go
- name: Check go mod status
run: |
make gomod_tidy
if [[ ! -z $(git status -s) ]]
then
echo "Go mod state is not clean"
git diff "$GITHUB_SHA"
exit 1
fi
- name: Build Binary
run: make bin
- name: Check format
run: |
make gofmt
if [[ ! -z $(git status -s) ]]
then
echo "not well formatted sources are found : $(git status -s)"
exit 1
fi
- name: Check license
run: |
go install github.com/google/addlicense@latest
git reset HEAD --hard
make check_license
if [[ $? != 0 ]]
then
echo "not well formatted sources are found:"
git --no-pager diff
exit 1
fi
- name: Run Go Tests
run: make test
- name: Run Gosec Security Scanner
run: |
go install github.com/securego/gosec/v2/cmd/[email protected]
make gosec
if [[ $? != 0 ]]
then
echo "gosec scanner failed to run "
exit 1
fi
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: gosec.sarif
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4