From 43f63c2b16657d94f764ee9506051f599fafca9a Mon Sep 17 00:00:00 2001
From: KonradStaniec
Date: Mon, 25 Nov 2024 10:20:51 +0100
Subject: [PATCH] fix gosec after merge to main
---
 .github/workflows/publish.yml | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e72f5d2..67926fc 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,7 +18,7 @@ jobs:
 run-lint: true
 run-build: true
 run-gosec: true
- gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil ./..."
+ gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil -exclude-dir=covenant-signer ./..."
 docker_pipeline:
 needs: ["lint_test"]
@@ -33,4 +33,23 @@ jobs:
 # required for all workflows
 security-events: write
 # required to fetch internal or private CodeQL packs
- packages: read
\ No newline at end of file
+ packages: read
+
+ go_sec_covenant_signer:
+ runs-on: ubuntu-24.04
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Fetch Repository
+ uses: actions/checkout@v4
+ - name: Install Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '^1.23.x'
+ check-latest: true
+ cache: false
+ - name: Install Gosec
+ run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+ - name: Run Gosec (covenant-signer)
+ working-directory: ./covenant-signer
+ run: gosec ./...
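Review bot: With `-exclude-dir=covenant-signer` added to `gosec-args`, the `lint_test` job no longer scans covenant-signer, while the `needs: ["lint_test"]` context line at the end of this hunk shows `docker_pipeline` still waits only on `lint_test`. The replacement scan added later in this patch (`go_sec_covenant_signer`) is therefore not a gate: a gosec finding in covenant-signer would fail that job but, as far as this diff shows, would not stop the publish job from running. Consider `needs: ["lint_test", "go_sec_covenant_signer"]` on `docker_pipeline`. The rest of the `docker_pipeline` definition lies outside the hunk, so whether it builds covenant-signer code should be confirmed.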
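Review bot: The `Install Gosec` step in the new `go_sec_covenant_signer` job installs `gosec@latest`, so the scanner version in this publish workflow changes without review, and a regressed or tampered upstream release would run in CI unnoticed. Pin it to a vetted release, e.g. `run: go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_VERSION>` (placeholder, not a real version). The job also declares no `permissions:` block, so it inherits whatever token scope the workflow or repository default grants; since it only checks out and scans code, `permissions:` with `contents: read` should be enough. Minor: `GO111MODULE: on` uses an unquoted `on`, which some YAML parsers read as a boolean; `GO111MODULE: "on"` avoids depending on the loader.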