forked from gocsaf/csaf
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
134 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| schedule: | ||
| - cron: '30 5 * * 0' # 5:30h on Sundays | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: [ 'go' ] | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version-file: './go.mod' | ||
|
|
||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| queries: security-and-quality | ||
|
|
||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v3 | ||
| with: | ||
| category: "/language:${{matrix.language}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| name: Conventional Commits | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
||
| permissions: | ||
| pull-requests: write | ||
| contents: read | ||
|
|
||
| jobs: | ||
| conventional-commits: | ||
| name: Conventional Commits | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Report Conventional Commits | ||
| uses: greenbone/actions/conventional-commits@v3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| name: 'Dependency Review' | ||
| on: [pull_request] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| dependency-review: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: 'Dependency Review' | ||
| uses: greenbone/actions/dependency-review@v3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,11 +2,9 @@ name: Go | |
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| - "**.go" | ||
| branches: | ||
| - main | ||
| pull_request: | ||
| paths: | ||
| - "**.go" | ||
|
|
||
| jobs: | ||
| build: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: govulncheck | ||
|
|
||
| # check for vulnerabilities using `govulncheck`, compared to dependabot it only alerts if the affected code is actually called | ||
|
|
||
| on: | ||
| pull_request: # make sure there is no vulnerability added with a new feature | ||
| schedule: # check if used code of existing dependencies is vulnerable | ||
| - cron: '37 4 * * *' # daily 4:37h | ||
| workflow_dispatch: # on demand | ||
|
|
||
| jobs: | ||
| govulncheck: | ||
| runs-on: ubuntu-latest | ||
| name: Run govulncheck | ||
| steps: | ||
| - id: govulncheck | ||
| uses: golang/govulncheck-action@v1 | ||
| with: | ||
| go-version-file: ./go.mod |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| name: Lint | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| lint: | ||
| name: lint | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./.github/actions/go-setup | ||
| - uses: golangci/golangci-lint-action@v4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,28 +1,27 @@ | ||
| name: Publish Go binaries to github release | ||
| name: Release | ||
| # with pontos | ||
|
|
||
| on: | ||
| release: | ||
| types: [created] | ||
| pull_request: | ||
| types: [closed] | ||
| workflow_dispatch: | ||
| inputs: | ||
| release-type: | ||
| type: choice | ||
| description: What kind of release do you want to do (pontos --release-type argument)? | ||
| options: | ||
| - patch | ||
| - minor | ||
| - major | ||
| release-version: | ||
| type: string | ||
| description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant. | ||
|
|
||
| jobs: | ||
| releases-matrix: | ||
| name: Release Go binaries | ||
| runs-on: ubuntu-20.04 | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@v3 | ||
| with: | ||
| go-version: '^1.21.0' | ||
|
|
||
| - name: Build | ||
| run: make dist | ||
|
|
||
| - name: Upload release assets | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| files: | | ||
| dist/csaf_distribution-*.zip | ||
| dist/csaf_distribution-*.tar.gz | ||
| release: | ||
| name: csaf_distribution | ||
| uses: greenbone/workflows/.github/workflows/release-3rd-gen.yml@main | ||
| with: | ||
| release-type: ${{ inputs.release-type }} | ||
| release-version: ${{ inputs.release-version }} | ||
| secrets: inherit |