name: Run Gosec
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  tests:
    runs-on: ubuntu-latest
    container:
      image: gitea/runner-images:ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Prepare
        run: mkdir -p reports

      - name: Run Gosec Security Scanner
        uses: securego/gosec@master
        with:
          args: -fmt=json -out=reports/results.json -stdout -verbose=text ./...

      - name: Upload Gosec reports
        uses: actions/upload-artifact@v3
        with:
          name: gsec-results.json
          path: reports/results.json