Audit

Update module github.com/alexkohler/prealloc to v1.0.2 #1147

	name: Audit
	on:
	pull_request:
	paths:
	- '*/.go'
	- .github/workflows/audit.yml
	- capabilities.json
	- go.mod
	- go.sum
	push:
	branches:
	- main
	schedule:
	- cron: 0 2 * * *
	workflow_dispatch: ~

	permissions: read-all

	jobs:
	capabilities:
	name: Capabilities
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout repository
	uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	with:
	persist-credentials: false
	- name: Install Go
	uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
	with:
	go-version-file: go.mod
	- name: Verify action checksums
	env:
	JOB: ${{ github.job }}
	WORKFLOW: ${{ github.workflow_ref }}
	run: \|
	WORKFLOW=$(echo "$WORKFLOW" \| cut -d '@' -f 1 \| cut -d '/' -f 3-5)
	go run ./cmd/ghasum verify -cache /home/runner/work/_actions -no-evict -offline "$WORKFLOW:$JOB"
	- name: Audit
	run: go run tasks.go audit-capabilities
	vulnerabilities:
	name: Vulnerabilities
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout repository
	uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	with:
	persist-credentials: false
	- name: Install Go
	uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
	with:
	go-version-file: go.mod
	- name: Verify action checksums
	env:
	JOB: ${{ github.job }}
	WORKFLOW: ${{ github.workflow_ref }}
	run: \|
	WORKFLOW=$(echo "$WORKFLOW" \| cut -d '@' -f 1 \| cut -d '/' -f 3-5)
	go run ./cmd/ghasum verify -cache /home/runner/work/_actions -no-evict -offline "$WORKFLOW:$JOB"
	- name: Audit
	run: go run tasks.go audit-vulnerabilities

Provide feedback