# Runs the gosec security scanner
name: gosec
on:
  push:
    branches:
      - "master"
      - "release/**"
      - "fullbuild"

jobs:
  gosec:
    runs-on: ubuntu-20.04
    env:
        GO111MODULE: on
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2

    - name: Get GOVERSION content
      id: goversion
      run: echo ::set-output name=version::$(cat GOVERSION)

    - uses: magnetikonline/action-golang-cache@v2
      with:
        go-version: "${{ steps.goversion.outputs.version }}"
        cache-key-suffix: "-gosec-${{ steps.goversion.outputs.version }}"

    - name: Run Gosec security scanner
      continue-on-error: true # TODO(https://github.com/ooni/probe/issues/2180)
      uses: securego/gosec@master
      with:
        args: ./...