name: "code scans"
on: push #runs on pushes to any branch

jobs:
  scans:
    runs-on: smoke-test
    steps:
      - name: "clone code"
        uses: actions/checkout@v4
      
      - name: "install go"
        uses: https://code.jakeyoungdev.com/actions/install-go@v0.1.3
        with:
          commands: |
              golang.org/x/vuln/cmd/govulncheck@latest

      - name: "dependency and stdlib scan"
        uses: https://code.jakeyoungdev.com/actions/report-vulns@master
        with:
          manager: go

      - name: "static code analysis"
        uses: securego/gosec@master
        with:
          args: ./...