Skip to content

chore: Apply security suggestions for gha #3030

chore: Apply security suggestions for gha

chore: Apply security suggestions for gha #3030

Workflow file for this run

name: PR Code Checks
on:
merge_group:
pull_request:
branches:
- "main"
- "release-*"
paths-ignore:
- 'docs/**'
- 'dependencies/**'
- '**/*.md'
- 'OWNERS'
- 'CODEOWNERS'
- 'external-images.yaml'
workflow_dispatch:
env:
GITLEAKS_VERSION: 8.18.2
jobs:
unit-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Setup Golang
uses: "./.github/template/setup-golang"
- name: Run tests
run: make test
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Setup Golang
uses: "./.github/template/setup-golang"
- name: Run lint
run: make --debug lint
coverage:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Setup Golang
uses: "./.github/template/setup-golang"
- name: Run coverage check
run: make check-coverage
gitleaks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Fetch gitleaks ${{ env.GITLEAKS_VERSION }}
run: curl -Lso gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${{ env.GITLEAKS_VERSION }}/gitleaks_${{ env.GITLEAKS_VERSION }}_linux_x64.tar.gz && tar -xvzf ./gitleaks.tar.gz
- name: Run gitleaks
# Scan commits between base and head of the pull request
run: ./gitleaks detect --log-opts=${PULL_BASE_SHA}...${PULL_HEAD_SHA} --verbose --redact
env:
PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
PULL_HEAD_SHA: ${{ github.event.pull_request.head.sha }}