aether/gosick
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gosick #1

Merged
DelphicOkami merged 162 commits from gosick into main 2026-03-21 23:08:00 +00:00
Conversation 0 Commits 162 Files Changed 59 +30 -32
2 changed files with 30 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 3cc90ff54e - Show all commits

28
.gitea/workflows/pr-validation.yml
View File

@@ -45,16 +45,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go-modules- ${{ runner.os }}-go-modules-
- name: Cache security tools
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/bin
key: ${{ runner.os }}-go-security-tools-${{ hashFiles('**/go.mod', '**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-security-tools-
- name: Verify module hygiene - name: Verify module hygiene
run: | run: |
set -euo pipefail set -euo pipefail
@@ -157,11 +147,23 @@ jobs:
exit 1 exit 1
fi fi
- name: Run security analysis - name: Check code formatting
run: | run: |
set -euo pipefail set -euo pipefail
"$(go env GOPATH)/bin/gosec" ./... fmt_output=$(go fmt ./...)
"$(go env GOPATH)/bin/govulncheck" ./... if [[ -n "$fmt_output" ]]; then
echo "Code formatting check failed. The following files need formatting:" >&2
echo "$fmt_output" >&2
exit 1
fi
- name: Run Gosec Security Scanner
uses: secureCodeBox/gosec-action@v1
with:
args: './...'
- name: Run Go Vulnerability Check
uses: golang/govulncheck-action@v1
- name: Generate coverage badge - name: Generate coverage badge
env: env:

34
.gitea/workflows/push-validation.yml
View File

@@ -45,16 +45,6 @@ jobs:
restore-keys: | restore-keys: |
${{ runner.os }}-go-modules- ${{ runner.os }}-go-modules-
- name: Cache security tools
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/bin
key: ${{ runner.os }}-go-security-tools-${{ hashFiles('**/go.mod', '**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-security-tools-
- name: Verify module hygiene - name: Verify module hygiene
run: | run: |
set -euo pipefail set -euo pipefail
@@ -62,11 +52,23 @@ jobs:
git diff --exit-code go.mod go.sum git diff --exit-code go.mod go.sum
go mod verify go mod verify
- name: Install security tools - name: Check code formatting
run: | run: |
set -euo pipefail set -euo pipefail
go install github.com/securego/gosec/v2/cmd/gosec@v2.22.3 fmt_output=$(go fmt ./...)
go install golang.org/x/vuln/cmd/govulncheck@v1.1.4 if [[ -n "$fmt_output" ]]; then
echo "Code formatting check failed. The following files need formatting:" >&2
echo "$fmt_output" >&2
exit 1
fi
- name: Run Gosec Security Scanner
uses: secureCodeBox/gosec-action@v1
with:
args: './...'
- name: Run Go Vulnerability Check
uses: golang/govulncheck-action@v1
- name: Install AWS CLI v2 - name: Install AWS CLI v2
uses: ankurk91/install-aws-cli-action@v1 uses: ankurk91/install-aws-cli-action@v1
@@ -163,12 +165,6 @@ jobs:
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
summary-file: ${{ env.SUMMARY_FILE }} summary-file: ${{ env.SUMMARY_FILE }}
- name: Run security analysis
run: |
set -euo pipefail
"$(go env GOPATH)/bin/gosec" ./...
"$(go env GOPATH)/bin/govulncheck" ./...
- name: Run behavior suite on main pushes - name: Run behavior suite on main pushes
if: ${{ github.ref == 'refs/heads/main' }} if: ${{ github.ref == 'refs/heads/main' }}
run: ./script/run-behavior-suite-docker.sh run: ./script/run-behavior-suite-docker.sh