Skip to content

Add security.md

Add security.md #992

Workflow file for this run

#
#
# Copyright Red Hat
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: CI
# Triggers the workflow on push or pull request events but only for the main branch
on:
push:
branches: [main]
pull_request:
branches: [main]
# Only allow one job of this action to be ran at a time
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
build-and-validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Go environment
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
# The Go version to download (if necessary) and use. Supports semver spec and ranges.
go-version: 1.21
- name: Generate Go sources, CRDs and schemas
run: |
bash ./docker-run.sh ./build.sh
if [[ ! -z $(git status -s) ]]
then
echo 'Command `bash ./docker-run.sh ./build.sh` did introduce changes, which should not be the case if it had been run as part of the PR. Please run it locally and check in the results as part of your PR.'
git --no-pager diff
exit 1
fi
- name: Validate samples against schemas
run: bash ./docker-run.sh ./validate-samples.sh
- name: Check license headers
run: |
export PATH=$PATH:$(go env GOPATH)/bin
go install github.com/google/addlicense@latest
bash ./check_licenses.sh
- name: Run GO tests
run: go test -coverprofile cover.out -v ./...
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
- name: Check typescript model generation
run: bash ./build/typescript-model/generate.sh
- name: Check GO mod state
run: |
go mod tidy
go mod vendor
git diff --exit-code || { echo 'Go mod is not clean. Execute "go mod tidy && go mod vendor" locally and commit changes to fix an issue'; exit 1; }
- name: Check GO format
run: |
go fmt -x ./...
git diff --exit-code || { echo 'Go sources need to be formatted. Execute "go fmt -x ./..." locally and commit changes to fix an issue'; exit 1; }
- name: Check Generator GO mod state
working-directory: generator
run: |
go mod tidy
go mod vendor
git diff --exit-code || { echo 'Go mod is not clean. Execute "go mod tidy && go mod vendor" locally in the 'generator' folder and commit changes to fix an issue'; exit 1; }
- name: Check Generator GO format
working-directory: generator
run: |
go fmt -x ./...
git diff --exit-code || { echo 'Go sources need to be formatted. Execute "go fmt -x ./..." locally in the 'generator' folder and commit changes to fix an issue'; exit 1; }
- name: Run Gosec Security Scanner
run: |
export PATH=$PATH:$(go env GOPATH)/bin
go install github.com/securego/gosec/v2/cmd/[email protected]
bash ./run_gosec.sh
if [[ $? != 0 ]]
then
echo "gosec scanner failed to run "
exit 1
fi
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: gosec.sarif