Merge pull request #23 from wasilak/renovate/github.com-stretchr-test… #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scans | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the main branch | |
| push: | |
| branches: [main] | |
| tags: | |
| - "*" | |
| pull_request: | |
| branches: [main] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| # This workflow contains a single job called "build" | |
| security: | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| # Steps represent a sequence of tasks that will be executed as part of the job | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install and run Spectral CI | |
| uses: spectralops/spectral-github-action@v5 | |
| with: | |
| spectral-dsn: ${{ secrets.SPECTRAL_DSN }} | |
| spectral-args: scan --ok | |
| # - name: Run Snyk to check for vulnerabilities | |
| # uses: snyk/actions/golang@master | |
| # env: | |
| # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| # with: | |
| # command: monitor | |
| # codacy-security-scan: | |
| # permissions: | |
| # contents: read # for actions/checkout to fetch code | |
| # security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| # actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | |
| # name: Codacy Security Scan | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # # Checkout the repository to the GitHub Actions runner | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | |
| # - name: Run Codacy Analysis CLI | |
| # uses: codacy/codacy-analysis-cli-action@master | |
| # with: | |
| # # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository | |
| # # You can also omit the token and run the tools that support default configurations | |
| # #project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| # verbose: true | |
| # output: results.sarif | |
| # format: sarif | |
| # # Adjust severity of non-security issues | |
| # gh-code-scanning-compat: true | |
| # # Force 0 exit code to allow SARIF file generation | |
| # # This will handover control about PR rejection to the GitHub side | |
| # max-allowed-issues: 2147483647 | |
| # # Upload the SARIF file generated in the previous step | |
| # - name: Upload SARIF results file | |
| # uses: github/codeql-action/upload-sarif@v2 | |
| # with: | |
| # sarif_file: results.sarif |