really for real go static analysis #5050
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency scan | |
| on: [push] | |
| jobs: | |
| dependency-scan: | |
| name: dependency-scan | |
| runs-on: ubuntu-latest | |
| env: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install and set GHC and Cabal versions | |
| # The first line works around a ghcup issue: | |
| # https://github.com/actions/runner-images/issues/7061#issuecomment-1422639889 | |
| run: | | |
| sudo chown -R $USER /usr/local/.ghcup | |
| ghcup install ghc 9.8.2 | |
| ghcup set ghc 9.8.2 | |
| ghcup install cabal 3.10.3.0 | |
| ghcup set cabal 3.10.3.0 | |
| cabal update | |
| - name: Log debug information | |
| run: | | |
| ghc --version || echo "no ghc" | |
| cabal --version || echo "no cabal" | |
| ghcup --version || echo "no ghcup" | |
| - name: Install latest release from github | |
| run: ./install-latest.sh -d | |
| - name: Run dependency scan | |
| run: fossa analyze --only-target cabal --only-target cargo | |
| - name: Check for scan results | |
| run: fossa test |