From 38afdeffa05e338d2e76fdaa2ba8190019c2b536 Mon Sep 17 00:00:00 2001
From: Micheal Wilkinson <micheal.wilkinson@createfuture.com>
Date: Sat, 21 Mar 2026 15:14:00 +0000
Subject: [PATCH] fix(ci): run gosec via go install to use setup-go toolchain

---
 .gitea/workflows/prepare-release.yml | 11 ++++-------
 .gitea/workflows/push-validation.yml |  7 ++++---
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/prepare-release.yml b/.gitea/workflows/prepare-release.yml
index 5448d68..113c42f 100644
--- a/.gitea/workflows/prepare-release.yml
+++ b/.gitea/workflows/prepare-release.yml
@@ -49,16 +49,13 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2.22.4
-        env:
-          GOTOOLCHAIN: auto
-        with:
-          args: ./...
+        run: |
+          set -euo pipefail
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+          gosec ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4
-        env:
-          GOTOOLCHAIN: auto
         with:
           go-package: ./...
           cache: true
diff --git a/.gitea/workflows/push-validation.yml b/.gitea/workflows/push-validation.yml
index 939b3b6..1f47217 100644
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -45,9 +45,10 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2.22.4
-        with:
-          args: ./...
+        run: |
+          set -euo pipefail
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+          gosec ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4