ci: Update GitHub Actions for security scanning, update README

rafaelespinoza · Mar 5, 2022 · 49cc201 · 49cc201
1 parent 8995fc8
commit 49cc201
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 0 deletions.
diff --git a/.github/workflows/cassandra.yml b/.github/workflows/cassandra.yml
@@ -33,3 +33,12 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-cassandra4-down
+  security_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Run gosec
+      uses: securego/gosec@master
+      with:
+        args: . ./internal/... ./drivers/cassandra/...
diff --git a/.github/workflows/mysql.yml b/.github/workflows/mysql.yml
@@ -49,3 +49,12 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-mysql8-down
+  security_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Run gosec
+      uses: securego/gosec@master
+      with:
+        args: . ./internal/... ./drivers/mysql/...
diff --git a/.github/workflows/postgres.yml b/.github/workflows/postgres.yml
@@ -33,3 +33,12 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-postgres13-down
+  security_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Run gosec
+      uses: securego/gosec@master
+      with:
+        args: . ./internal/... ./drivers/postgres/...
diff --git a/.github/workflows/sqlite3.yml b/.github/workflows/sqlite3.yml
@@ -16,3 +16,12 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-sqlite3-down
+  security_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Run gosec
+      uses: securego/gosec@master
+      with:
+        args: . ./internal/... ./drivers/sqlite3/...
diff --git a/README.md b/README.md
@@ -143,6 +143,11 @@ source code lines too long. More lines is fine with the exception of
 declarations of exported identifiers; they should be on one line, otherwise the
 generated godoc looks weird. There are also tests, those should pass.
 
+The GitHub Actions run a security scanner on all of the source code using
+[gosec](https://github.com/securego/gosec). There should be no rule violations
+here. The Makefile provides some convenience targets if you want to run `gosec`
+on your development machine.
+
 ## tests
 
 Docker and docker-compose are used to create environments and run the tests