(resolved *ResolvedWorkflow, opts AddOptions)
| 424 | } |
| 425 | |
| 426 | func validateWorkflowSecurity(resolved *ResolvedWorkflow, opts AddOptions) error { |
| 427 | if !opts.DisableSecurityScanner { |
| 428 | if findings := workflow.ScanMarkdownSecurity(string(resolved.Content)); len(findings) > 0 { |
| 429 | fmt.Fprintln(os.Stderr, console.FormatErrorMessage("Security scan failed for workflow")) |
| 430 | fmt.Fprintln(os.Stderr, workflow.FormatSecurityFindings(findings, resolved.Spec.WorkflowPath)) |
| 431 | return fmt.Errorf("workflow '%s' failed security scan: %d issue(s) detected", resolved.Spec.WorkflowPath, len(findings)) |
| 432 | } |
| 433 | if opts.Verbose { |
| 434 | fmt.Fprintln(os.Stderr, console.FormatSuccessMessage("Security scan passed")) |
| 435 | } |
| 436 | } else if opts.Verbose { |
| 437 | fmt.Fprintln(os.Stderr, console.FormatWarningMessage("Security scanning disabled")) |
| 438 | } |
| 439 | return nil |
| 440 | } |
| 441 | |
| 442 | func resolveWorkflowTargetDir(opts AddOptions) (gitRoot, githubWorkflowsDir string, err error) { |
| 443 | gitRoot, err = gitutil.FindGitRoot() |
no test coverage detected