ci: update CI workflows to latest actions and enhance Trivy scanning #93

	name: Run Tests

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v5

	- name: Setup go
	uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	check-latest: true

	- name: Setup golangci-lint
	uses: golangci/golangci-lint-action@v8
	with:
	version: v2.1

	- name: Bearer
	uses: bearer/bearer-action@v2
	with:
	diff: true

	test:
	strategy:
	matrix:
	os: [ubuntu-latest]
	go: [1.23, 1.24, 1.25]
	include:
	- os: ubuntu-latest
	go-build: ~/.cache/go-build
	name: ${{ matrix.os }} @ Go ${{ matrix.go }}
	runs-on: ${{ matrix.os }}
	env:
	GO111MODULE: on
	GOPROXY: https://proxy.golang.org
	steps:
	- name: Set up Go ${{ matrix.go }}
	uses: actions/setup-go@v5
	with:
	go-version: ${{ matrix.go }}

	- name: Checkout Code
	uses: actions/checkout@v5
	with:
	ref: ${{ github.ref }}

	- uses: actions/cache@v4
	with:
	path: \|
	${{ matrix.go-build }}
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-
	- name: Run Tests
	run: \|
	go test -v -covermode=atomic -coverprofile=coverage.out

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v5
	with:
	flags: ${{ matrix.os }},go-${{ matrix.go }}
	vulnerability-scanning:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	with:
	fetch-depth: 0

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/[email protected]
	with:
	scan-type: "fs"
	ignore-unfixed: true
	format: "table"
	exit-code: "1"
	severity: "CRITICAL,HIGH,MEDIUM"

Provide feedback