pull-request.yaml

# Triggers the workflow on pull request events
name: PR Checks
on:
  pull_request:
    branches:
      - main

defaults:
  run:
    shell: bash

env:
  GO111MODULE: 'on'
  GOVERSION: '1.22'

jobs:
  lint:
    name: Lint files
    runs-on: 'ubuntu-latest'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GOVERSION }}
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v4
        with:
          version: v1.54
  test:
    name: Run tests
    runs-on: 'ubuntu-latest'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Run Tests
        run: go test -v -cover
  security:
    name: Security Scan
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout Source
        uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Run Gosec Security Scanner
        uses: securego/gosec@master
        with:
          args: '-no-fail -fmt sarif -out results.sarif ./...'
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif