From 48cead220b7dcf909fbb85d7a4295708d3f6f3b9 Mon Sep 17 00:00:00 2001
From: Paolo Galli
Date: Tue, 1 Oct 2024 15:20:17 +0200
Subject: [PATCH] Add new scheduled gosec job (#856)
* chore: add new scheduled gosec job
* chore: ignoring auto-generated files
* fix: correct comment
---
 .github/workflows/gosec.yaml | 39 ++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index 1e565ed0f..bfd86ffc1 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -1,17 +1,16 @@
 name: Gosec
 on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
+ schedule:
+ # # This is meant to run every day at 8am
+ - cron: '0 8 * * 1-5'
 jobs:
- tests:
+ gosec:
 runs-on: ubuntu-latest
 env:
 GO111MODULE: on
+ outputs:
+ gosec-status: ${{ steps.gosec-run.outcome }}
 steps:
 - name: Checkout Source
 uses: actions/checkout@v4
@@ -20,6 +19,30 @@ jobs:
 go-version: '1.22'
 cache: false
 - name: Run Gosec
+ id: gosec-run
+ continue-on-error: true
 uses: securego/gosec@master
 with:
- args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
\ No newline at end of file
+ args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
+
+ notify-slack:
+ name: Notify Slack
+ needs:
+ - gosec
+ if: always() && needs.gosec.outputs.gosec-status == 'failure'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Notify Slack
+ uses: slackapi/slack-github-action@v1.25.0
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.GOSEC_SLACK_WEBHOOK }}
+ with:
+ payload: |
+ {
+ "commit-url": "${{ github.event.head_commit.url }}",
+ "branch": "${{ github.ref }}",
+ "repository": "${{ github.repository }}",
+ }
\ No newline at end of file
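Review bot: The Slack payload in the new notify-slack job is not valid JSON — the `"repository"` entry carries a trailing comma before the closing `}` — and `github.event.head_commit.url` is not populated on a `schedule` trigger, so the webhook call will likely be rejected or post an empty commit link; drop the comma and point at the run instead, e.g. `"run-url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"`. The cron comment `# # This is meant to run every day at 8am` does not match `0 8 * * 1-5`, which fires Monday to Friday only and in UTC; suggest `# Runs at 08:00 UTC, Monday to Friday`. Since this workflow now runs unattended on the default branch with a webhook secret in scope, consider adding a top-level `permissions: contents: read` and pinning `securego/gosec@master` to a release tag or commit SHA (that reference predates this change but the scheduled run makes it more exposed). The `Checkout code` step in notify-slack is not used by the Slack action and can be removed.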