mctl/.gitea/workflows/security.yaml

name: "code scans"
on: push #runs on pushes to any branch

jobs:
  scans:
    runs-on: smoke-test
    steps:
      - name: "clone code"
        uses: actions/checkout@v4
      
      - name: "install go"
        uses: https://code.jakeyoungdev.com/actions/install-go@master
        with:
            commands: |
                golang.org/x/vuln/cmd/govulncheck@latest

      - name: "dependency and stdlib scan"
        uses: https://code.jakeyoungdev.com/actions/report-vulns@master
        with:
          manager: go
    
      - name: "static code analysis"
        uses: securego/gosec@v2.22.3
        with:
          args: ./...