merge ci.yaml

Signed-off-by: Kim Tsao <[email protected]>

Author: kim-tsao

.github/workflows/ci.yaml

@@ -28,6 +28,24 @@ jobs:
       - name: Check if registry-library build is working
         run: cd registry-library && bash ./build.sh
 
+      - name: Run Gosec Security Scanner
+        run: |
+          export PATH=$PATH:$(go env GOPATH)/bin
+          go install github.com/securego/gosec/v2/cmd/gosec@latest
+          ./run_gosec.sh
+          if [[ $? != 0 ]]
+          then
+            echo "gosec scanner failed to run "
+            exit 1
+          fi   
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: gosec.sarif
+
+
   docker:
     name: Check docker builds
     runs-on: ubuntu-latest
@@ -63,21 +81,6 @@ jobs:
       - name: Upload coverage to Codecov
         uses: codecov/[email protected]
 
-    - name: Run Gosec Security Scanner
-      run: |
-        go install github.com/securego/gosec/v2/cmd/gosec@latest
-        ./run_gosec.sh
-        if [[ $? != 0 ]]
-        then
-          echo "gosec scanner failed to run "
-          exit 1
-        fi   
-
-    - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        # Path to SARIF file relative to the root of the repository
-        sarif_file: gosec.sarif
 
   test_minikube:
     name: Test Devfile Registry