Code Scanning #475
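---
# Runs the in-repo cobra linter and publishes its findings to GitHub Code Scanning
# as a SARIF document under the "cobra-lint" category.
name: Code Scanning

on: # yamllint disable-line rule:truthy
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Run weekly on Mondays at 00:00 UTC
    - cron: '0 0 * * 1'

# Least privilege: the workflow default is read-only; the SARIF write grant is
# scoped to the single job that actually uploads.
permissions:
  contents: read

jobs:
  cobra-lint:
    name: Cobra Lint (SARIF)
    runs-on: ubuntu-latest
    # Bound a hung `go run` / upload so a stuck job does not hold the runner.
    timeout-minutes: 15
    permissions:
      contents: read
      security-events: write # Required for uploading SARIF files
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # The token is not needed after checkout; do not leave it in .git/config.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version: '1.24.7'
          cache: true

      - name: Run cobra linter and generate SARIF
        id: cobralint
        run: |
          # stdout carries the SARIF document; stderr stays in the job log.
          # The exit status alone is not treated as a crash, because linters
          # commonly exit non-zero when they report findings. The decisive
          # signal is whether a well-formed SARIF document was written.
          status=0
          go run ./linters/cobralint/cmd/cobralint --format=sarif ./... > cobra-lint.sarif || status=$?

          if [ -s cobra-lint.sarif ] \
            && jq -e '.version == "2.1.0" and (.runs | type == "array")' cobra-lint.sarif > /dev/null 2>&1; then
            echo "has_sarif=true" >> "$GITHUB_OUTPUT"
          else
            # Deliberately do NOT substitute an empty SARIF here. Code Scanning
            # treats an upload with no results as "all previous alerts fixed",
            # so a linter crash (e.g. a build error) would silently auto-close
            # every open cobra-lint alert. Skipping the upload keeps the
            # previous alert state and surfaces the failure as an annotation.
            echo "::warning::cobralint exited with status ${status} and produced no valid SARIF; skipping upload"
            echo "has_sarif=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Upload SARIF file
        id: upload
        # Upload only when the linter produced a real document. Pull requests
        # from forks run with a read-only GITHUB_TOKEN that cannot write
        # security events, so the upload is skipped for them instead of failing.
        if: >-
          steps.cobralint.outputs.has_sarif == 'true' &&
          (github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository)
        uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
        with:
          sarif_file: cobra-lint.sarif
          category: cobra-lint
          wait-for-processing: true

      - name: Display SARIF summary
        # Only claim success when the upload step actually ran and succeeded;
        # a skipped upload leaves the job green but must not report "uploaded".
        if: steps.upload.outcome == 'success'
        run: |
          {
            echo "## 📊 Code Scanning Results"
            echo ""
            echo "SARIF report uploaded successfully for cobra linter."
            echo ""
            echo "**Tool:** cobralint"
            echo "**Category:** cobra-lint"
            echo "**Rule:** require-json-flag"
            echo ""
            echo "View results in the Security tab → Code scanning alerts"
          } >> "$GITHUB_STEP_SUMMARY"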