ooni-probe-cli/.github/workflows/gosec.yml

# Runs the gosec security scanner
name: gosec
on:
  push:
    branches:
      - "master"
      - "release/**"
      - "fullbuild"

jobs:
  gosec:
    runs-on: ubuntu-20.04
    env:
        GO111MODULE: on
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2

    - name: Get GOVERSION content
      id: goversion
      run: echo ::set-output name=version::$(cat GOVERSION)

    - uses: magnetikonline/action-golang-cache@v2
      with:
        go-version: "${{ steps.goversion.outputs.version }}"
        cache-key-suffix: "-gosec-${{ steps.goversion.outputs.version }}"

    - name: Run Gosec security scanner
      continue-on-error: true # TODO(https://github.com/ooni/probe/issues/2180)
      uses: securego/gosec@master
      with:
        args: ./...
fix(workflows): elevate GITHUB_TOKEN permissions when needed (#822) I am not 100% sure I was able to fix all the cases in which we need higher permissions than the strict default. At least, I tried. It may be reasonable to make an interim release to check whether I successfully fixed all the cases. Ref issue: https://github.com/ooni/probe/issues/2154 2022-07-01 12:11:32 +02:00			`# Runs the gosec security scanner`
chore: add gosec step (#793) * add gosec step * fix: disable build on pull request Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-06-03 21:41:15 +02:00			`name: gosec`
			`on:`
			`push:`
			`branches:`
			`- "master"`
			`- "release/**"`
feat: build ooniprobe for armv6 (#904) Part of https://github.com/ooni/probe/issues/1753. While there, introduce a rule by which, if the branch is named `fullbuild` we run all possible builds. It helps to test all the builds without creating a release branch. Because release branches are protected, they cannot be deleted easily. On the contrary, the `fullbuild` branch can easily be disposed of. 2022-08-29 17:33:42 +02:00			`- "fullbuild"`
chore: add gosec step (#793) * add gosec step * fix: disable build on pull request Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-06-03 21:41:15 +02:00
fix(workflows): elevate GITHUB_TOKEN permissions when needed (#822) I am not 100% sure I was able to fix all the cases in which we need higher permissions than the strict default. At least, I tried. It may be reasonable to make an interim release to check whether I successfully fixed all the cases. Ref issue: https://github.com/ooni/probe/issues/2154 2022-07-01 12:11:32 +02:00			`jobs:`
chore: add gosec step (#793) * add gosec step * fix: disable build on pull request Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-06-03 21:41:15 +02:00			`gosec:`
			`runs-on: ubuntu-20.04`
			`env:`
			`GO111MODULE: on`
			`steps:`
			`- name: Checkout Source`
			`uses: actions/checkout@v2`
fix(workflows): elevate GITHUB_TOKEN permissions when needed (#822) I am not 100% sure I was able to fix all the cases in which we need higher permissions than the strict default. At least, I tried. It may be reasonable to make an interim release to check whether I successfully fixed all the cases. Ref issue: https://github.com/ooni/probe/issues/2154 2022-07-01 12:11:32 +02:00
cleanup: define required Go version just once (#861) See https://github.com/ooni/probe/issues/2217 2022-08-17 11:39:38 +02:00			`- name: Get GOVERSION content`
			`id: goversion`
			`run: echo ::set-output name=version::$(cat GOVERSION)`

feat: implement rolling builds (#910) This diff modifies all the github actions that produce assets to publish on a release called rolling when we are not building a tag. If everything goes as planned, we should be able to provide people with automatically generated fresh binaries for testing. While there, introduce caching for all builds to make them as fast as possible. I suspect gomobile based builds will not see any speed up but other builds most likely will. See https://github.com/ooni/probe/issues/2249 2022-08-30 15:29:09 +02:00			`- uses: magnetikonline/action-golang-cache@v2`
cleanup: define required Go version just once (#861) See https://github.com/ooni/probe/issues/2217 2022-08-17 11:39:38 +02:00			`with:`
			`go-version: "${{ steps.goversion.outputs.version }}"`
feat: implement rolling builds (#910) This diff modifies all the github actions that produce assets to publish on a release called rolling when we are not building a tag. If everything goes as planned, we should be able to provide people with automatically generated fresh binaries for testing. While there, introduce caching for all builds to make them as fast as possible. I suspect gomobile based builds will not see any speed up but other builds most likely will. See https://github.com/ooni/probe/issues/2249 2022-08-30 15:29:09 +02:00			`cache-key-suffix: "-gosec-${{ steps.goversion.outputs.version }}"`
cleanup: define required Go version just once (#861) See https://github.com/ooni/probe/issues/2217 2022-08-17 11:39:38 +02:00
chore: add gosec step (#793) * add gosec step * fix: disable build on pull request Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-06-03 21:41:15 +02:00			`- name: Run Gosec security scanner`
fix(workflows): elevate GITHUB_TOKEN permissions when needed (#822) I am not 100% sure I was able to fix all the cases in which we need higher permissions than the strict default. At least, I tried. It may be reasonable to make an interim release to check whether I successfully fixed all the cases. Ref issue: https://github.com/ooni/probe/issues/2154 2022-07-01 12:11:32 +02:00			`continue-on-error: true # TODO(https://github.com/ooni/probe/issues/2180)`
chore: add gosec step (#793) * add gosec step * fix: disable build on pull request Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-06-03 21:41:15 +02:00			`uses: securego/gosec@master`
			`with:`
			`args: ./...`