fix(ci): restore cached gosec binary in workflows

.gitea/workflows/prepare-release.yml

@@ -48,11 +48,24 @@ jobs:
           go mod tidy
           go mod verify
 
+      - name: Restore cached gosec binary
+        id: cache-gosec
+        uses: actions/cache@v4
+        with:
+          path: ${{ runner.temp }}/gosec-bin
+          key: gosec-v2.22.4-${{ runner.os }}-${{ runner.arch }}
+
+      - name: Install gosec binary
+        if: steps.cache-gosec.outputs.cache-hit != 'true'
+        run: |
+          set -euo pipefail
+          mkdir -p "${RUNNER_TEMP}/gosec-bin"
+          GOBIN="${RUNNER_TEMP}/gosec-bin" go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+
       - name: Run gosec security analysis
         run: |
           set -euo pipefail
-          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
-          gosec ./...
+          "${RUNNER_TEMP}/gosec-bin/gosec" ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4

.gitea/workflows/push-validation.yml

@@ -44,11 +44,24 @@ jobs:
           go mod tidy
           go mod verify
 
+      - name: Restore cached gosec binary
+        id: cache-gosec
+        uses: actions/cache@v4
+        with:
+          path: ${{ runner.temp }}/gosec-bin
+          key: gosec-v2.22.4-${{ runner.os }}-${{ runner.arch }}
+
+      - name: Install gosec binary
+        if: steps.cache-gosec.outputs.cache-hit != 'true'
+        run: |
+          set -euo pipefail
+          mkdir -p "${RUNNER_TEMP}/gosec-bin"
+          GOBIN="${RUNNER_TEMP}/gosec-bin" go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+
       - name: Run gosec security analysis
         run: |
           set -euo pipefail
-          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
-          gosec ./...
+          "${RUNNER_TEMP}/gosec-bin/gosec" ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4