|
13 | 13 | SAST: |
14 | 14 | name: Perform SAST analysis (golangci-lint) |
15 | 15 | runs-on: ubuntu-latest |
| 16 | + outputs: |
| 17 | + linters_table: ${{ steps.get_linters.outputs.linters_table }} |
16 | 18 |
|
17 | 19 | steps: |
18 | 20 | - name: Checkout code |
|
34 | 36 | args: --timeout=10m |
35 | 37 | skip-cache: true |
36 | 38 |
|
| 39 | + - name: Get enabled linters as a table |
| 40 | + id: get_linters |
| 41 | + if: success() |
| 42 | + run: | |
| 43 | + LINTERS_OUTPUT=$(golangci-lint linters) |
| 44 | + # Isolate the enabled linters block, remove the header, and remove the final blank line |
| 45 | + ENABLED_BLOCK=$(echo "$LINTERS_OUTPUT" | awk '/^Enabled by your configuration linters:/,/^$/' | sed '1d;$d') |
| 46 | +
|
| 47 | + # Prepare the Markdown table header |
| 48 | + MD_TABLE="| Linter | Description |\n|---|---|\n" |
| 49 | +
|
| 50 | + # Process each line to build the table rows |
| 51 | + while IFS= read -r line; do |
| 52 | + # Remove the trailing [...] tags, e.g., [fast], [auto-fix] |
| 53 | + line_no_tags=$(echo "$line" | sed 's/ \[[^]]*\]$//') |
| 54 | + # Split the line into linter and description at the first colon |
| 55 | + linter=$(echo "$line_no_tags" | cut -d':' -f1) |
| 56 | + description=$(echo "$line_no_tags" | cut -d':' -f2- | sed 's/^ *//') |
| 57 | + # Append the formatted row to the table |
| 58 | + MD_TABLE+=$"| \`$linter\` | $description |\n" |
| 59 | + done <<< "$ENABLED_BLOCK" |
| 60 | +
|
| 61 | + # Use a heredoc to pass the multiline Markdown table to the job output |
| 62 | + echo "linters_table<<EOF" >> $GITHUB_OUTPUT |
| 63 | + echo -e "$MD_TABLE" >> $GITHUB_OUTPUT |
| 64 | + echo "EOF" >> $GITHUB_OUTPUT |
| 65 | +
|
37 | 66 | SCA: |
38 | 67 | name: Perform SCA analysis (govulncheck) |
39 | 68 | runs-on: ubuntu-latest |
|
56 | 85 | go-version-input: ${{ env.GO_VERSION }} |
57 | 86 | go-package: ./... |
58 | 87 | cache: false |
| 88 | + |
| 89 | + Summary: |
| 90 | + name: Workflow Summary |
| 91 | + runs-on: ubuntu-latest |
| 92 | + if: success() |
| 93 | + needs: [SAST, SCA] |
| 94 | + steps: |
| 95 | + - name: Create Success Summary |
| 96 | + run: | |
| 97 | + echo "## ✅ Security Scans Successful" >> $GITHUB_STEP_SUMMARY |
| 98 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 99 | + echo "All security checks passed. No new issues were found." >> $GITHUB_STEP_SUMMARY |
| 100 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 101 | + echo "---" >> $GITHUB_STEP_SUMMARY |
| 102 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 103 | + echo "### SAST (golangci-lint)" >> $GITHUB_STEP_SUMMARY |
| 104 | + echo "The following linters were enabled for the scan:" >> $GITHUB_STEP_SUMMARY |
| 105 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 106 | + # Print the pre-formatted Markdown table from the SAST job's output |
| 107 | + echo "${{ needs.SAST.outputs.linters_table }}" >> $GITHUB_STEP_SUMMARY |
| 108 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 109 | + echo "### SCA (govulncheck)" >> $GITHUB_STEP_SUMMARY |
| 110 | + echo "No vulnerabilities were found." >> $GITHUB_STEP_SUMMARY |
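Review bot: In the Summary job's `Create Success Summary` step, `${{ needs.SAST.outputs.linters_table }}` is expanded into the script text before bash runs it, so the table's content is parsed as shell inside the double quotes of that `echo`. The rows built in the SAST step wrap each linter name in backticks, which bash treats as command substitution there, and any `$` or `"` in a description would be interpreted as well; at best the linter names disappear from the summary, and in general this is the expression-injection pattern that workflow hardening guidance says to avoid. Pass the value through the environment instead: give the step an `env:` entry `LINTERS_TABLE: ${{ needs.SAST.outputs.linters_table }}` and write it with `echo "$LINTERS_TABLE" >> "$GITHUB_STEP_SUMMARY"`. Separately, the fixed `EOF` delimiter in the `get_linters` step would cut the output short if any table line ever equalled `EOF`, so a randomly generated delimiter is safer.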