Support resharing and performance optimization #1

Workflow file for this run

.github/workflows/security.yml at 83c3761

	name: Security Checks

	on:
	push:
	branches: [ main, develop, master ]
	pull_request:
	branches: [ main, develop, master ]
	schedule:
	# Run security scans daily at 2 AM UTC
	- cron: '0 2 * * *'

	permissions:
	contents: read
	security-events: write
	actions: read

	jobs:
	gosec:
	name: Run Gosec Security Scanner
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '1.23'

	- name: Cache Go modules
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	- name: Download dependencies
	run: go mod download

	- name: Run Gosec Security Scanner
	uses: securecodewarrior/github-action-gosec@master
	with:
	args: '-fmt sarif -out gosec.sarif -stdout -verbose=text ./...'

	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: gosec.sarif

	- name: Run Gosec with JSON output
	run: \|
	go install github.com/securego/gosec/v2/cmd/gosec@latest
	gosec -fmt json -out gosec-report.json -stdout ./...

	- name: Upload Gosec JSON Report
	uses: actions/upload-artifact@v4
	with:
	name: gosec-report
	path: gosec-report.json

	dependency-check:
	name: Dependency Security Check
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '1.23'

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	scan-ref: '.'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'

	- name: Run Nancy for Go dependencies
	run: \|
	go install github.com/sonatypeoss/nancy@latest
	go list -json -deps ./... \| nancy sleuth

	code-quality:
	name: Code Quality and Linting
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '1.23'

	- name: golangci-lint
	uses: golangci/golangci-lint-action@v4
	with:
	version: latest
	args: --timeout=5m

	- name: Run staticcheck
	uses: dominikh/staticcheck-action@v1
	with:
	version: "latest"
	install-go: false

	secrets-scan:
	name: Secrets Detection
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: TruffleHog OSS
	uses: trufflesecurity/trufflehog@main
	with:
	path: ./
	base: main
	head: HEAD
	extra_args: --debug --only-verified

	build-test:
	name: Build and Test
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '1.23'

	- name: Cache Go modules
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	- name: Download dependencies
	run: go mod download

	- name: Verify dependencies
	run: go mod verify

	- name: Build
	run: go build -v ./...

	- name: Run tests
	run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

	- name: Upload coverage reports to Codecov
	uses: codecov/codecov-action@v4
	with:
	file: ./coverage.out
	flags: unittests
	name: codecov-umbrella

	- name: Run benchmarks
	run: go test -bench=. -benchmem ./...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support resharing and performance optimization #1

Workflow file

Support resharing and performance optimization #1

Uh oh!

Workflow file for this run