actions/donotpassgo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

restructuring logic and adding more inputs #2

Merged
jake merged 12 commits from cleanup into main 2026-04-03 20:09:13 +00:00
Conversation 0 Commits 12 Files Changed 6 +15 -4
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit f83527aa2d - Show all commits

7
action.yaml
View File

@@ -49,4 +49,9 @@ runs:
- name: "run security checks" - name: "run security checks"
shell: bash shell: bash
run: ${{ github.action_path }}/src/security.sh run: ${{ github.action_path }}/src/security.sh
env:
STATIC_FLAG: ${{ inputs.static }}
STATIC_FAIL: ${{ inputs.static-fail }}
VULN_CHECK: ${{ inputs.vulnerability }}
VULN_FAIL: ${{ inputs.vulnerability-fail }}

12
src/security.sh
View File

@@ -2,13 +2,19 @@
set -eo pipefail set -eo pipefail
if [[ "$STATIC_FLAG" == "no" && "$VULN_SCAN" == "no" ]]; then if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then
echo "[INFO] no security flags set, skipping!"; echo "[INFO] no security flags set, skipping!";
exit 0; exit 0;
fi fi
toolchain=$(go mod edit go.mod -json | jq ".Toolchain");
version=$(go mod edit -json | jq ".Toolchain");
if [[ ! -z "$toolchain" ]]; then
version=$toolchain;
fi
if [[ "$STATIC_FLAG" == "yes" ]]; then if [[ "$STATIC_FLAG" == "yes" ]]; then
if gosec ./...; then if GOTOOLCHAIN=$version gosec ./...; then
echo "[INFO] gosec passed!"; echo "[INFO] gosec passed!";
else else
if [[ "$STATIC_FAIL" == "yes" ]]; then if [[ "$STATIC_FAIL" == "yes" ]]; then
@@ -21,7 +27,7 @@ if [[ "$STATIC_FLAG" == "yes" ]]; then
fi fi
if [[ "$VULN_CHECK" == "yes" ]]; then if [[ "$VULN_CHECK" == "yes" ]]; then
if govulncheck ./...; then if GOTOOLCHAIN=$version govulncheck ./...; then
echo "[INFO] govulncheck passed!"; echo "[INFO] govulncheck passed!";
else else
if [[ "$VULN_FAIL" == "yes" ]]; then if [[ "$VULN_FAIL" == "yes" ]]; then