Update github workflows

.github/workflows/go.yml → .github/workflows/main.yml

@@ -1,10 +1,10 @@
-name: Go
+name: Main Workflow
 
 on:
+  pull_request: {}
   push:
-    branches:
-      - main
-  pull_request:
+    branches: [ "main" ]
+
 
 concurrency:
   group: one-at-time
@@ -22,17 +22,14 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
 
       - name: Check that docs were generated
         run: make check-docs
 
-      - name: Check for go vulnerabilities
-        run: make check-vuln
-
       - name: Check for linting errors
         uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # pin@3.6.0
         with:
@@ -47,7 +44,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
@@ -76,7 +73,7 @@ jobs:
           fetch-depth: 2
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true
@@ -112,7 +109,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           check-latest: true

.github/workflows/release.yml

@@ -1,4 +1,4 @@
-name: goreleaser
+name: Release
 
 on:
   push:

.github/workflows/security.yml

@@ -0,0 +1,33 @@
+name: Security
+
+on:
+  pull_request: {}
+  push:
+    branches: [ "main" ]
+  schedule:
+    - cron: "30 0 1,15 * *"
+
+permissions:
+  contents: read
+
+jobs:
+  semgrep:
+    name: Semgrep Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+
+    steps:
+      - uses: actions/checkout@v3
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+  govulncheck:
+    name: Vulnerabilities Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Scan for vulnerabilities in go code
+        uses: golang/govulncheck-action@dd3ead030e4f2cf713062f7a3395191802364e13 # pin@1.0.0
+        with:
+          check-latest: true