From 15c54713e528de58d87cf8e08f620bbba06f0f7b Mon Sep 17 00:00:00 2001
From: Paolo Galli
Date: Mon, 30 Sep 2024 09:05:35 +0200
Subject: [PATCH 1/3] chore: add new scheduled gosec job
---
 .github/workflows/gosec.yaml | 39 ++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index 1e565ed0f..6fc2f8fc1 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -1,17 +1,16 @@
 name: Gosec
 on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
+ schedule:
+ # # This is meant to run every day at 9am
+ - cron: '0 8 * * 1-5'
 jobs:
- tests:
+ gosec:
 runs-on: ubuntu-latest
 env:
 GO111MODULE: on
+ outputs:
+ gosec-status: ${{ steps.gosec-run.outcome }}
 steps:
 - name: Checkout Source
 uses: actions/checkout@v4
@@ -20,6 +19,30 @@ jobs:
 go-version: '1.22'
 cache: false
 - name: Run Gosec
+ id: gosec-run
+ continue-on-error: true
 uses: securego/gosec@master
 with:
- args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
\ No newline at end of file
+ args: '-exclude=G104,G115,G304,G406,G507 ./...'
+
+ notify-slack:
+ name: Notify Slack
+ needs:
+ - gosec
+ if: always() && needs.gosec.outputs.gosec-status == 'failure'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Notify Slack
+ uses: slackapi/slack-github-action@v1.25.0
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.GOSEC_SLACK_WEBHOOK }}
+ with:
+ payload: |
+ {
+ "commit-url": "${{ github.event.head_commit.url }}",
+ "branch": "${{ github.ref }}",
+ "repository": "${{ github.repository }}",
+ }
\ No newline at end of file
From 63fd915bc63e20445942caeb6fe5f263dee959e9 Mon Sep 17 00:00:00 2001
From: Paolo Galli
Date: Mon, 30 Sep 2024 09:09:17 +0200
Subject: [PATCH 2/3] chore: ignoring auto-generated files
---
 .github/workflows/gosec.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
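Review bot: Replacing the `push` and `pull_request` triggers with `schedule` removes gosec from the pull-request path, so a finding introduced in a PR is no longer surfaced before merge and is only reported by the weekday run, and only through Slack because the job is `continue-on-error`. If the scheduled sweep is meant to be additive, keep `pull_request:` with `branches: [master]` under `on:` next to `schedule:` and gate the Slack job on `github.event_name == 'schedule'`. The workflow also declares no `permissions:`; neither job writes to the repository, so a top-level `permissions:` with `contents: read` keeps the default token at least privilege. The added comment says "every day", but `0 8 * * 1-5` fires Monday to Friday only and GitHub evaluates cron in UTC, so `# Runs at 08:00 UTC, Monday to Friday` would describe it accurately.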
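Review bot: `notify-slack` only fires when the gosec step's outcome is `failure`, so if the `gosec` job fails before that step (checkout or Go setup) the step is skipped, `gosec-status` is empty, and the missed scan goes unreported; `if: always() && (needs.gosec.result != 'success' || needs.gosec.outputs.gosec-status == 'failure')` covers both cases. The `payload` ends with a trailing comma after the `"repository"` entry, which is not valid JSON, and `github.event.head_commit` is presumably absent on a `schedule` event, so `commit-url` would render empty — `"${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}"` gives a link that works for scheduled runs. The `Checkout code` step in `notify-slack` is unused and can be dropped. `slackapi/slack-github-action@v1.25.0` is pinned to a mutable tag; pinning to the release's commit SHA (`uses: slackapi/slack-github-action@<commit-sha>  # v1.25.0`, placeholder) removes the tag-retarget risk, and the same applies to `securego/gosec@master` in the context above.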
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index 6fc2f8fc1..ceb1644be 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -23,7 +23,7 @@ jobs:
 continue-on-error: true
 uses: securego/gosec@master
 with:
- args: '-exclude=G104,G115,G304,G406,G507 ./...'
+ args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
 
 notify-slack:
 name: Notify Slack
From 1897fce6c59a0d7474df191c3096225fa6c2a903 Mon Sep 17 00:00:00 2001
From: Paolo Galli
Date: Mon, 30 Sep 2024 09:14:05 +0200
Subject: [PATCH 3/3] fix: correct comment
---
 .github/workflows/gosec.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index ceb1644be..bfd86ffc1 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -1,7 +1,7 @@
 name: Gosec
 on:
 schedule:
- # # This is meant to run every day at 9am
+ # # This is meant to run every day at 8am
 - cron: '0 8 * * 1-5'
 jobs:
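Review bot: The exclusion list `-exclude=G104,G115,G304,G406,G507` still carries no explanation of why each rule is suppressed, and with the job reporting only to Slack these suppressions are where real findings are most likely to go unnoticed. A comment above the `with:` block such as `# Excluded rules: G104 <reason>, G115 <reason>, ... (placeholders; fill in per rule)` keeps the list reviewable, and `-exclude-dir=builtin/gen` deserves a note that the directory is auto-generated, as the commit message states. The `Run Gosec` step's `- name:` and `id:` lines are above this hunk.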