ci(release): configure Helm chart release (#4867) #14912

Summary
Jobs
- FOSSA
- Trivy
- CodeQL
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Code Scan

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	- cron: '0 12 * * 1'
	workflow_dispatch:

	permissions:
	contents: read # for actions/checkout to fetch code

	jobs:
	fossa:
	name: FOSSA
	# Needs access to the FOSSA API key secret, so don't run on pull request events
	if: ${{ ! github.event_name == 'pull_request' }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Setup Go
	uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
	with:
	go-version-file: go.mod
	- name: Run FOSSA scan and upload build data
	uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1
	with:
	fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
	github-token: ${{ github.token }}

	trivy:
	name: Trivy
	runs-on: ubuntu-latest
	permissions:
	security-events: write # for Trivy to write security events
	steps:
	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
	with:
	scan-type: fs
	scanners: vuln
	ignore-unfixed: true
	format: sarif
	output: trivy-results.sarif
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
	with:
	sarif_file: trivy-results.sarif

	codeql:
	name: CodeQL
	runs-on: ubuntu-latest
	permissions:
	security-events: write # for codeQL to write security events
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Initialize CodeQL
	uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
	with:
	languages: go
	- name: Autobuild
	uses: github/codeql-action/autobuild@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(release): configure Helm chart release (#4867) #14912

Workflow file

ci(release): configure Helm chart release (#4867) #14912

Jobs

Run details

Workflow file for this run