added github actions for security, metric and super-linter

cuietviper · cuietviper · commit 2f4b5a142832 · 2025-08-18T23:16:54.000+02:00
added github actions for gosec (security), metric embedded for github and super-linter
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
@@ -0,0 +1,26 @@
+# GoSec Security Checker
+# This workflow runs gosec to check Go code for security issues
+name: GoSec Security Checker
+
+on:
+  push:
+    paths:
+      - '**.go'
+  pull_request:
+    paths:
+      - '**.go'
+
+jobs:
+  gosec:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+      - name: Run gosec
+        run: ~/go/bin/gosec ./...
diff --git a/.github/workflows/metrics.yml b/.github/workflows/metrics.yml
@@ -0,0 +1,27 @@
+# GitHub Metrics
+# This workflow generates a metrics SVG and commits it to the repository
+name: Metrics Embed
+
+on:
+  schedule: [{cron: "0 0 * * 0"}] # every week
+  workflow_dispatch:
+
+jobs:
+  github-metrics:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Metrics embed
+        uses: lowlighter/metrics@latest
+        with:
+          filename: metrics.svg
+          token: ${{ secrets.GITHUB_TOKEN }}
+          base: "header, activity, community, repositories, metadata"
+          plugin_languages: yes
+          plugin_traffic: yes
+      - name: Commit metrics
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+          git add metrics.svg
+          git commit -m "chore: update metrics [skip ci]" || echo "No changes to commit"
+          git push
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -0,0 +1,34 @@
+# Super-Linter
+# This workflow runs GitHub's Super-Linter on push and pull requests
+name: Super-Linter
+
+on: # yamllint disable-line rule:truthy
+  push: null
+  pull_request: null
+
+permissions: {}
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # super-linter needs the full git history to get the
+          # list of files that changed across commits
+          fetch-depth: 0
+
+      - name: Super-linter
+        uses: super-linter/super-linter@v8.0.0 # x-release-please-version
+        env:
+          # To report GitHub Actions status checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
