@@ -55,12 +55,47 @@ jobs:
5555 ocm-labels : ${{ toJSON(matrix.args.ocm-labels) }}
5656 extra-tags : latest
5757
58- sast-lint :
59- uses : gardener/cc-utils/.github/workflows/sastlint-ocm.yaml@master
60- with :
61- go-version : ' 1.25'
62- linter : gosec
63- run : .ci/verify
64- permissions :
65- contents : read
66-
58+ verify :
59+ runs-on : ubuntu-latest
60+ steps :
61+ - uses : actions/setup-go@v5
62+ with :
63+ go-version : ' 1.25'
64+ - uses : gardener/cc-utils/.github/actions/trusted-checkout@master
65+ - uses : gardener/cc-utils/.github/actions/install-gardener-gha-libs@master
66+ - name : run-verify
67+ run : |
68+ set -eu
69+ mkdir /tmp/blobs.d
70+ .ci/verify |& tee /tmp/blobs.d/verify-log.txt
71+ tar czf /tmp/blobs.d/gosec-report.tar.gz gosec-report.sarif
72+ tar czf /tmp/blobs.d/verify-log.tar.gz -C /tmp/blobs.d verify-log.txt
73+ - name : add-reports-to-component-descriptor
74+ uses : gardener/cc-utils/.github/actions/export-ocm-fragments@master
75+ with :
76+ blobs-directory : /tmp/blobs.d
77+ ocm-resources : |
78+ - name: gosec-report
79+ relation: local
80+ access:
81+ type: localBlob
82+ localReference: gosec-report.tar.gz
83+ labels:
84+ - name: gardener.cloud/purposes
85+ value:
86+ - lint
87+ - sast
88+ - gosec
89+ - name: gardener.cloud/comment
90+ value: |
91+ we use gosec (linter) for SAST scans
92+ see: https://github.com/securego/gosec
93+ - name: test-results
94+ relation: local
95+ access:
96+ type: localBlob
97+ localReference: verify-log.tar.gz
98+ labels:
99+ - name: gardener.cloud/purposes
100+ value:
101+ - test
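Review bot: The `run-verify` step runs `.ci/verify |& tee /tmp/blobs.d/verify-log.txt` under `set -eu` only, so the pipeline's exit status is that of `tee`, and a failing verify or gosec run would not fail the step as long as `gosec-report.sarif` is still written. Unless a `defaults.run.shell` outside this hunk already enables it, the first script line should be `set -euo pipefail`; the implicit bash that GitHub uses for `run` is started with `-e` but without `-o pipefail`. The removed `sast-lint` job carried `permissions:` with `contents: read`, and the new `verify` job has no `permissions` key, so if the workflow has no top-level `permissions` block (not visible here) the job falls back to the repository's default token scope. Re-adding `permissions:` / `contents: read` on `verify` would keep it least-privileged, provided the export action needs nothing more. The three `gardener/cc-utils` actions are referenced at `@master`, a mutable ref, so pinning them to a commit SHA would keep the code that produces the attached SAST report fixed and auditable.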