name: Run Go Tests and Generate SARIF

on:
  push:
    branches:
      - main
  pull_request:

permissions: read-all

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Go
        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
          go-version-file: 'go.mod'

      - name: Run Go Tests
        shell: bash
        run: go test -json ./... > go-test-results.json

      - name: Convert JSON to SARIF
        uses: ivuorinen/go-test-sarif-action@58ffaaacdb178a5d053f8e8c2693966422a3ecda # v1
        with:
          input_file: go-test-results.json
          output_file: go-test-results.sarif

      - name: Upload SARIF to GitHub Security Tab
        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          sarif_file: go-test-results.sarif