From d922441bec84c6cfcad30c7ec6b1df70cbc22a1d Mon Sep 17 00:00:00 2001
From: Prajjwol Gautam
Date: Tue, 16 Nov 2021 01:36:22 -0800
Subject: [PATCH] ci: add gosec to PRs and main (#750)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* ci: add gosec to PRs and main
* use informalsystems gosec
* add SARIF
* commit to test
* comment changes
Co-authored-by: Federico Kunze Küllmer
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
---
 .github/workflows/security.yml | 34 +++++++++++++++++++
 .../.github/workflows/ci_contracts.yml | 10 +++---
 2 files changed, 40 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..ec798dc3
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,34 @@
+name: Run Gosec
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '**'
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2.4.0
+      # - uses: technote-space/get-diff-action@v5
+      #   with:
+      #     SUFFIX_FILTER: |
+      #       .go
+      #       .mod
+      #       .sum
+      - name: Run Gosec Security Scanner
+        uses: informalsystems/gosec@master
+        with:
+          args: ./...
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          # args: '-no-fail -fmt sarif -out results.sarif ./...'
+      # - name: Upload SARIF file
+      #   uses: github/codeql-action/upload-sarif@v1
+      #   with:
+      #     # Path to SARIF file relative to the root of the repository
+      #     sarif_file: results.sarif
+      #   if: "env.GIT_DIFF != ''"
diff --git a/tests/solidity/suites/staking/.github/workflows/ci_contracts.yml b/tests/solidity/suites/staking/.github/workflows/ci_contracts.yml
index 6a510400..b6192256 100644
--- a/tests/solidity/suites/staking/.github/workflows/ci_contracts.yml
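Review bot: `uses: informalsystems/gosec@master` in the Run Gosec Security Scanner step pulls a mutable branch of a third-party action into a workflow triggered by every pull request, so the code that executes in CI can change without any commit to this repository; pin it to a release tag or, preferably, a full-length commit SHA, e.g. `uses: informalsystems/gosec@<release-tag-or-commit-SHA>`, the way `actions/checkout@v2.4.0` already is. The job declares no `permissions:` block, so it runs with the repository's default token scope although a scan only needs to read the tree; a workflow-level `permissions:` with `contents: read` keeps it at least privilege. The comment under `args: ./...` says findings surface through GitHub Security features, yet the SARIF upload step is commented out and the active `args: ./...` has no `-no-fail`, so a finding fails the job directly; I'd reword it to `# gosec fails the job on findings; the SARIF upload below stays disabled until the diff filter is restored`. `GO111MODULE: on` is a boolean under YAML 1.1 rules — GitHub's loader passes it through as a string, but `GO111MODULE: "on"` removes the ambiguity for linters.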
+++ b/tests/solidity/suites/staking/.github/workflows/ci_contracts.yml
@@ -2,17 +2,19 @@ name: contracts
 on:
   push:
-    branches: master
+    branches:
+      - main
   pull_request:
-    branches: '*'
+    branches:
+      - '*'
 jobs:
   CI:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.4.0
       - name: Install node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2.4.1
         with:
           node-version: 12
       - name: Install