Sign upLogin

wasilak/otelgo

View on GitHub
Star
.github/workflows/scans.yml

Summary

Maintainability
Test Coverage
name: Scans

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [main]
    tags:
      - "*"
  pull_request:
    branches: [main]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  security:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    continue-on-error: true

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - uses: actions/checkout@v4

      - name: Install and run Spectral CI
        uses: spectralops/spectral-github-action@v5
        with:
          spectral-dsn: ${{ secrets.SPECTRAL_DSN }}
          spectral-args: scan --ok

      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/golang@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: monitor

  # codacy-security-scan:
  #   permissions:
  #     contents: read # for actions/checkout to fetch code
  #     security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
  #   name: Codacy Security Scan
  #   runs-on: ubuntu-latest
  #   steps:
  #     # Checkout the repository to the GitHub Actions runner
  #     - name: Checkout code
  #       uses: actions/checkout@v4

  #     # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
  #     - name: Run Codacy Analysis CLI
  #       uses: codacy/codacy-analysis-cli-action@master
  #       with:
  #         # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
  #         # You can also omit the token and run the tools that support default configurations
  #         #project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
  #         verbose: true
  #         output: results.sarif
  #         format: sarif
  #         # Adjust severity of non-security issues
  #         gh-code-scanning-compat: true
  #         # Force 0 exit code to allow SARIF file generation
  #         # This will handover control about PR rejection to the GitHub side
  #         max-allowed-issues: 2147483647

  #     # Upload the SARIF file generated in the previous step
  #     - name: Upload SARIF results file
  #       uses: github/codeql-action/upload-sarif@v2
  #       with:
  #         sarif_file: results.sarif