ci: add vet/fmt/tidy + cross-platform build; refresh README badges #75

Merged
ashishkurmi merged 4 commits into
step-security:mainfrom
swarit-stepsecurity:swarit/chore/go-quality-checks-and-badges
May 14, 2026
Conversation

@swarit-stepsecurity
Member

What does this PR do?

Type of change

  • Bug fix
  • Enhancement
  • Documentation

Testing

  • Tested on macOS (version: ___)
  • Binary runs without errors: ./stepsecurity-dev-machine-guard --verbose
  • JSON output is valid: ./stepsecurity-dev-machine-guard --json | python3 -m json.tool
  • No secrets or credentials included
  • Lint passes: make lint
  • Tests pass: make test

Related Issues

No functional changes — pure whitespace/alignment fixes flagged by
'gofmt -l .'. Done as a one-time cleanup so the new CI gofmt step
starts from a clean tree.

CI:
- New steps in the lint job: 'go vet ./...', 'gofmt -l .' check, and
  'go mod tidy' drift check. Matches the agent-api Go-checks shape.
- New 'build' job: matrix over linux/amd64, darwin/arm64, windows/amd64
  running 'go build ./...' so platform-specific regressions surface in
  CI rather than at release time.

README badges:
- Replaced two dead workflow links ('go.yml', 'shellcheck.yml' — both
  nonexistent in this repo) with the real workflow ('tests.yml') and
  the release workflow.
- Added Go Report Card and pkg.go.dev badges.
- Swapped the hard-coded '1.9.2' version badge for a shields.io
  query that auto-tracks the latest GitHub release.

Adds a dedicated Gosec workflow that runs on PRs to main, pushes to
main, and weekly. Mirrors the agent-api split between functional
tests (test.yml) and SAST (semgrep.yml).

- securego/gosec scans the tree and emits SARIF.
- SARIF is uploaded to the GitHub code-scanning UI so findings land
  in the Security tab and the PR Files-changed view.
- -no-fail keeps the workflow green; the value here is the visibility,
  not gate-keeping. Promote to a fail-on-finding later when the
  baseline is clean.
- Pinned by SHA: gosec v2.26.1, codeql-action/upload-sarif v4.35.4.

README gets a Gosec badge alongside Tests / Release.
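The lint and build jobs described in the PR, written out as a GitHub Actions workflow so the three gates (vet, gofmt, tidy drift) and the cross-platform matrix can be seen together. This is an added illustration, not the workflow file from this PR or the step-security repository; the job and step names, the `go-version-file` setting and the `@v4`/`@v5` tags are assumptions, and the PR itself pins actions by commit SHA, which is the stronger choice.

```yaml
name: go-checks
on:
  pull_request: { branches: [main] }
  push: { branches: [main] }
permissions:
  contents: read   # least privilege: nothing in these jobs needs write access
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4      # pin to a commit SHA in production, as the PR does
      - uses: actions/setup-go@v5
        with: { go-version-file: go.mod }
      - name: go vet
        run: go vet ./...
      - name: gofmt check
        # gofmt -l lists files whose formatting differs; empty output is the only pass
        run: |
          out="$(gofmt -l .)"
          if [ -n "$out" ]; then echo "files need gofmt:"; echo "$out"; exit 1; fi
      - name: go mod tidy drift check
        # tidy in place, then fail if go.mod or go.sum changed as a result
        run: |
          go mod tidy
          git diff --exit-code -- go.mod go.sum
  build:
    needs: lint
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false   # report every platform, not just the first failure
      matrix:
        include:
          - { goos: linux,   goarch: amd64 }
          - { goos: darwin,  goarch: arm64 }
          - { goos: windows, goarch: amd64 }
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version-file: go.mod }
      - name: cross-compile
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
        run: go build ./...
```

The tidy step mutates the checkout, so it must run after vet and gofmt rather than before them, otherwise a tidy-induced go.sum change would be reported by the wrong step.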
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@ashishkurmi ashishkurmi merged commit b71addd into step-security:main May 14, 2026
10 checks passed