Update github workflows

auth0 · Jul 31, 2023 · 7ae0ecb · 7ae0ecb
1 parent e69917f
commit 7ae0ecb
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 16 deletions.
diff --git a/.github/workflows/go.yml → .github/workflows/main.yml b/.github/workflows/go.yml → .github/workflows/main.yml
@@ -1,10 +1,10 @@
-name: Go
+name: Main Workflow
 
 on:
+  pull_request: {}
   push:
-    branches:
-      - main
-  pull_request:
+    branches: [ "main" ]
+
 
 concurrency:
   group: one-at-time
@@ -22,17 +22,14 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
 
       - name: Check that docs were generated
         run: make check-docs
 
-      - name: Check for go vulnerabilities
-        run: make check-vuln
-
       - name: Check for linting errors
         uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # pin@3.6.0
         with:
@@ -47,7 +44,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
@@ -76,7 +73,7 @@ jobs:
           fetch-depth: 2
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
@@ -112,7 +109,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true

diff --git a/.github/workflows/semgrep.yml → .github/workflows/security.yml b/.github/workflows/semgrep.yml → .github/workflows/security.yml
@@ -2,8 +2,8 @@ name: "Semgrep"
 
 on:
   workflow_run:
-    workflows:
-      -  "(PR) Trigger Deferred"
+    workflows: [ "(PR) Trigger Deferred" ]
+    types: [ completed ]
   push:
     branches:
       - main
@@ -14,15 +14,22 @@ permissions: {}
 
 jobs:
   semgrep:
-    name: Scan
+    name: Semgrep Scan
     runs-on: ubuntu-latest
-
     container:
       image: returntocorp/semgrep
 
     steps:
       - uses: actions/checkout@v3
-
       - run: semgrep ci
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+  govulncheck:
+    name: Vulnerabilities Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Scan for vulnerabilities in go code
+        uses: golang/govulncheck-action@dd3ead030e4f2cf713062f7a3395191802364e13 # pin@1.0.0
+        with:
+          check-latest: true