name: vmware-go-kcl-v2

on:
  push:
    branches: [ main ]
    paths-ignore: [ README.md ]
  pull_request:
    branches: [ main ]
    paths-ignore: [ README.md ]

jobs:
  build:
    name: Continous Integration
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2

      - name: Set up Go 1.17.x
        uses: actions/setup-go@v2
        with:
          go-version: ^1.17
        id: go

      - name: Build
        shell: bash
        run: |
          make build

      - name: Test
        shell: bash
        run: |
          make test

  scans:
    name: Checks, Lints and Scans
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2

      - name: Set up Go 1.17.x
        uses: actions/setup-go@v2
        with:
          go-version: ^1.17
        id: go

      - name: Format Check
        shell: bash
        run: |
          make format-check

      - name: Lint
        shell: bash
        run: |
          make lint-docker

      - name: Run Gosec Security Scanner
        uses: securego/gosec@master
        with:
          # let the report trigger content trigger a failure using the GitHub Security features.
          args: '-no-fail -fmt sarif -out results.sarif -exclude-dir internal -exclude-dir vendor -severity high ./...'

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # path to SARIF file relative to the root of the repository
          sarif_file: results.sarif