GitHub Actions
34 lines
1023 B
YAML
34 lines
1023 B
YAML
version: "2"
|
|
|
|
run:
|
|
timeout: 2m
|
|
tests: true # Include test files to catch security issues early
|
|
|
|
linters:
|
|
enable:
|
|
- staticcheck # Primary focus - catches subtle bugs
|
|
- govet # Essential Go checks
|
|
- errcheck # Unchecked errors
|
|
- ineffassign # Ineffectual assignments
|
|
- unused # Unused code detection
|
|
- gosec # Security checks (critical issues only)
|
|
settings:
|
|
govet:
|
|
enable:
|
|
- shadow
|
|
errcheck:
|
|
exclude-functions:
|
|
- (io.Closer).Close
|
|
- (*os.File).Close
|
|
- (net/http.ResponseWriter).Write
|
|
gosec:
|
|
# Only check CRITICAL security issues for fast pre-commit
|
|
includes:
|
|
- G101 # Hardcoded credentials
|
|
- G110 # Potential DoS via decompression bomb
|
|
- G305 # File traversal when extracting archive
|
|
- G401 # Weak crypto (MD5, SHA1)
|
|
- G501 # Blacklisted import crypto/md5
|
|
- G502 # Blacklisted import crypto/des
|
|
- G503 # Blacklisted import crypto/rc4
|