enable caching & add security scanners

jxsl13 · Jul 23, 2023 · a39d4fa · a39d4fa
1 parent ba10178
commit a39d4fa
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 7 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -24,23 +24,47 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: ['stable']
+        go-version: ['stable', 'oldstable']
         platform: [ubuntu-latest]
     runs-on: ${{ matrix.platform }}
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
     - name: Install Go
       uses: actions/setup-go@v4
       with:
         go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v3
 
     - name: Vet
       run: go vet ./...
 
+    - name: Install govulncheck
+      run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+    - name: Run govulncheck
+      run: govulncheck ./...
+
+    - name: Run Gosec Security Scanner
+      uses: securego/gosec@master
+      with:
+        # we let the report trigger content trigger a failure using the GitHub Security features.
+        args: '-no-fail -fmt sarif -out results.sarif ./...'
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        # Path to SARIF file relative to the root of the repository
+        sarif_file: results.sarif
+
     - name: Setup integration test environment
       run: docker-compose up -d
-    
+
     - name: Code Coverage
       run: go test ./... -timeout 600s -race -count=1 -covermode=atomic -coverprofile=coverage.txt
 
@@ -50,4 +74,4 @@ jobs:
         token: ${{ secrets.CODECOV_TOKEN }}
         files: ./coverage.txt
         fail_ci_if_error: false
-        verbose: false
+        verbose: false
diff --git a/go.mod b/go.mod
@@ -3,15 +3,15 @@ module github.com/jxsl13/amqpx
 go 1.18
 
 require (
+	github.com/Shopify/toxiproxy/v2 v2.5.0
 	github.com/Workiva/go-datastructures v1.1.0
 	github.com/rabbitmq/amqp091-go v1.8.1
 	github.com/stretchr/testify v1.8.4
+	go.uber.org/goleak v1.2.1
 )
 
 require (
-	github.com/Shopify/toxiproxy/v2 v2.5.0
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	go.uber.org/goleak v1.2.1
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )