Skip to content

Wire Prometheus metrics to business logic across all components #6

Wire Prometheus metrics to business logic across all components

Wire Prometheus metrics to business logic across all components #6

Workflow file for this run

name: Dependency Scan
on:
push:
paths:
- 'go.mod'
- 'go.sum'
pull_request:
paths:
- 'go.mod'
- 'go.sum'
schedule:
- cron: '0 6 * * 1'
workflow_dispatch:
permissions:
contents: read
security-events: write
pull-requests: write
jobs:
dependency-review:
name: Dependency Review
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, CC0-1.0, Unlicense
trivy-scan:
name: Trivy Vulnerability Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
scan-ref: .
severity: CRITICAL,HIGH
exit-code: 1
format: sarif
output: trivy-results.sarif
- name: Upload Trivy results
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results.sarif
outdated-check:
name: Outdated Dependencies
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Check for outdated dependencies
run: |
echo "## Outdated Dependencies" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
go list -u -m all 2>/dev/null | grep '\[' | while read -r line; do
echo "- $line" >> "$GITHUB_STEP_SUMMARY"
done
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "_Checked on $(date -u +%Y-%m-%d)_" >> "$GITHUB_STEP_SUMMARY"