create a separate workflow for go analyse

eljohnson92 · eljohnson92 · commit e5180233102f · 2024-04-25T12:57:04.000-04:00
diff --git a/.github/workflows/build_test_ci.yml b/.github/workflows/build_test_ci.yml
@@ -70,54 +70,6 @@ jobs:
         token: ${{ secrets.CODECOV_TOKEN }}
         slug: linode/cluster-api-provider-linode
 
-
-  go-analyse:
-    needs:  go-build-test
-    runs-on: ubuntu-latest
-    steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@v2
-      with:
-        disable-sudo: true
-        egress-policy: block
-        allowed-endpoints: >
-          api.github.com:443
-          github.com:443
-          proxy.golang.org:443
-          sum.golang.org:443
-          objects.githubusercontent.com:443
-          registry-1.docker.io:443
-          auth.docker.io:443
-          production.cloudflare.docker.com:443
-          vuln.go.dev:443
-          storage.googleapis.com:443
-
-    - uses: actions/checkout@v4
-
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version-file: 'go.mod'
-        check-latest: true
-
-    - name: Docker cache
-      uses: ScribeMD/docker-cache@0.5.0
-      with:
-        key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}
-
-    - name: Lint
-      run: make lint
-
-    - name: Gosec
-      run: make gosec
-
-    - name: Vulncheck
-      continue-on-error: true
-      run: make vulncheck
-    
-    - name: Nilcheck
-      run: make nilcheck
-
   e2e-test:
     needs:  [go-build-test, docker-build]
     runs-on: ubuntu-latest
diff --git a/.github/workflows/go-analyze.yml b/.github/workflows/go-analyze.yml
@@ -0,0 +1,77 @@
+name: Go Analyze
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - "*"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      # Expose matched filters as job 'src' output variable
+      src: ${{ steps.filter.outputs.src }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          predicate-quantifier: 'every'
+          filters: |
+            src: 
+             - '!**/**.md'
+             - '!docs/**'
+  go-analyze:
+    needs: changes
+    runs-on: ubuntu-latest
+    if: ${{ needs.changes.outputs.src == 'true' }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            proxy.golang.org:443
+            sum.golang.org:443
+            objects.githubusercontent.com:443
+            raw.githubusercontent.com:443
+            auth.docker.io:443
+            production.cloudflare.docker.com:443
+            vuln.go.dev:443
+            storage.googleapis.com:443
+
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+          cache: false
+
+      - name: lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+
+      - name: Nilcheck
+        run: make nilcheck
