fix gosec after merge to main

babylonlabs-io · Nov 25, 2024 · 43f63c2 · 43f63c2
1 parent c386ef5
commit 43f63c2
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -18,7 +18,7 @@ jobs:
       run-lint: true
       run-build: true
       run-gosec: true
-      gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil ./..."
+      gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil -exclude-dir=covenant-signer ./..."
 
   docker_pipeline:
     needs: ["lint_test"]
@@ -33,4 +33,23 @@ jobs:
       # required for all workflows
       security-events: write
       # required to fetch internal or private CodeQL packs
-      packages: read
+      packages: read
+
+  go_sec_covenant_signer:
+    runs-on: ubuntu-24.04
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Fetch Repository
+        uses: actions/checkout@v4
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '^1.23.x'
+          check-latest: true
+          cache: false
+      - name: Install Gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+      - name: Run Gosec (covenant-signer)
+        working-directory: ./covenant-signer
+        run: gosec ./...