Add new scheduled gosec job (#856)

* chore: add new scheduled gosec job * chore: ignoring auto-generated files * fix: correct comment
vechain · Oct 1, 2024 · 48cead2 · 48cead2
1 parent e8d420d
commit 48cead2
Showing 1 changed file with 31 additions and 8 deletions.
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
@@ -1,17 +1,16 @@
 name: Gosec
 on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - master
+  schedule:
+  #   # This is meant to run every day at 8am
+    - cron:  '0 8 * * 1-5'
 
 jobs:
-  tests:
+  gosec:
     runs-on: ubuntu-latest
     env:
       GO111MODULE: on
+    outputs:
+      gosec-status: ${{ steps.gosec-run.outcome }}
     steps:
       - name: Checkout Source
         uses: actions/checkout@v4
@@ -20,6 +19,30 @@ jobs:
           go-version: '1.22'
           cache: false
       - name: Run Gosec
+        id: gosec-run
+        continue-on-error: true
         uses: securego/gosec@master
         with:
-          args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
+          args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'
+
+  notify-slack:
+    name: Notify Slack
+    needs:
+      - gosec
+    if: always() && needs.gosec.outputs.gosec-status == 'failure'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Notify Slack
+        uses: slackapi/[email protected]
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.GOSEC_SLACK_WEBHOOK }}
+        with:
+          payload: |
+            {
+              "commit-url": "${{ github.event.head_commit.url }}",
+              "branch": "${{ github.ref }}",
+              "repository": "${{ github.repository }}",
+            }