Bring workflows up to date

Signed-off-by: Itxaka <[email protected]>
kairos-io · Jul 12, 2024 · 6255715 · 6255715
1 parent 230c1d2
commit 6255715
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 40 deletions.
diff --git a/.github/workflows/osv-scanner-pr.yaml b/.github/workflows/osv-scanner-pr.yaml
@@ -3,9 +3,11 @@ name: OSV-Scanner PR Scan
 # Change "main" to your default branch if you use a different name, i.e. "master"
 on:
  pull_request:
- branches: [main]
  merge_group:
  branches: [main]
+ push:
+ branches:
+ - main
 
 permissions:
  # Require writing security events to upload SARIF file to security tab

diff --git a/.github/workflows/secscan.yaml b/.github/workflows/secscan.yaml
@@ -0,0 +1,32 @@
+name: "Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every at 00:00 on Sunday UTC time.
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - '**'
+ schedule:
+ - cron: '0 0 * * 0'
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ # we let the report trigger content trigger a failure using the GitHub Security features.
+ args: '-no-fail -fmt sarif -out results.sarif ./...'
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: results.sarif
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -0,0 +1,3 @@
+[[IgnoredVulns]]
+id = "GHSA-q7pp-wcgr-pffx"
+reason = "No impact since we don't work with TIFF image files"