Skip to content

feat: adding sarif file extension validation support #268

feat: adding sarif file extension validation support

feat: adding sarif file extension validation support #268

Workflow file for this run

---
name: Go Report Card
on:
push:
branches:
- main
pull_request:
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
goreportcard:
strategy:
matrix:
go: ["stable"]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ matrix.go }}
cache: false
- name: Checkout gojp/goreportcard repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: gojp/goreportcard
path: goreportcard
- name: Install goreportcard-cli
# goreportcard-cli requires the following linters:
# 1. gometalinter
# 2. golint
# 3. gocyclo
# 4. ineffassign
# 5. misspell
# among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
# Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
run: |
cd goreportcard
# Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
# Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
make install
# Install goreportcard-cli binary
go install ./cmd/goreportcard-cli
- name: Checkout Boeing/config-file-validator repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run goreportcard
run: |
# Failure threshold is set to 95% to fail at any errors. Default is 75%.
goreportcard-cli -t 95