feat(critical): add critical severity to KICS CLI #10756
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: go-ci | |
| on: | |
| pull_request: | |
| branches: [master] | |
| jobs: | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Go 1.20.x | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.20.x | |
| cache: false | |
| - name: golangci-lint | |
| uses: golangci/[email protected] | |
| with: | |
| version: v1.51.2 | |
| args: -c .golangci.yml --timeout 20m | |
| go-generate: | |
| name: go-generate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go 1.20.x | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.20.x | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Generate mocks and marshall/unmarshall code | |
| run: make generate | |
| unit-tests: | |
| name: unit-tests | |
| strategy: | |
| matrix: | |
| go-version: [1.20.x] | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Set up Go 1.20.x | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v3 | |
| with: | |
| persist-credentials: false | |
| - uses: dorny/paths-filter@v2 | |
| id: changes | |
| with: | |
| filters: | | |
| src: | |
| - 'pkg/terraformer/**' | |
| - name: Get cache paths | |
| id: go-cache-paths | |
| shell: bash | |
| run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.go-cache-paths.outputs.GO_BUILD }} | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.OS }}-build-${{ env.cache-name }} | |
| ${{ runner.OS }}-build- | |
| ${{ runner.OS }}- | |
| - name: Get Modules | |
| run: | | |
| go mod vendor | |
| - name: Set Windows Page size | |
| if: matrix.os == 'windows-latest' | |
| uses: al-cheb/[email protected] | |
| with: | |
| minimum-size: 32GB | |
| maximum-size: 32GB | |
| disk-root: "C:" | |
| - name: Test and Generate Report | |
| if: matrix.os != 'windows-latest' && steps.changes.outputs.src == 'true' | |
| run: | | |
| go test -mod=vendor -v -timeout 1500s $(go list ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
| result_code=${PIPESTATUS[0]} | |
| exit $result_code | |
| - name: Test and Generate Report Dev | |
| if: matrix.os != 'windows-latest' && steps.changes.outputs.src == 'false' | |
| run: | | |
| go test -tags dev -mod=vendor -v -timeout 1500s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
| result_code=${PIPESTATUS[0]} | |
| exit $result_code | |
| - name: Test and Generate Report Windows | |
| if: matrix.os == 'windows-latest' && steps.changes.outputs.src == 'true' | |
| run: | | |
| go test -mod=vendor -v -timeout 1500s $(go list ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
| - name: Test and Generate Report Windows Dev | |
| if: matrix.os == 'windows-latest' && steps.changes.outputs.src == 'false' | |
| run: | | |
| go test -mod=vendor -tags dev -v -timeout 1500s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log | |
| - name: Archive test logs | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log | |
| path: unit-test.log | |
| security-scan: | |
| name: security-scan | |
| runs-on: ubuntu-latest | |
| env: | |
| GO111MODULE: on | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v3 | |
| - name: Run Gosec Security Scanner | |
| uses: securego/gosec@master | |
| with: | |
| args: "-no-fail -fmt sarif -out results.sarif ./..." | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: results.sarif |