From cfa2467b4e07695a533a90aa3b40b8f38f451634 Mon Sep 17 00:00:00 2001 From: Josef Karasek Date: Wed, 24 Jun 2026 15:13:29 +0200 Subject: [PATCH 1/3] Bring PR check workflow to this repository Signed-off-by: Josef Karasek --- .github/workflows/pr-check.yaml | 93 +++++++++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml index 64d7e7e..f6942a3 100644 --- a/.github/workflows/pr-check.yaml +++ b/.github/workflows/pr-check.yaml @@ -1,6 +1,9 @@ name: PR Check on: + push: + branches: + - '*' pull_request: workflow_dispatch: 
@@ -13,7 +16,89 @@ permissions: jobs: pr-check: - uses: kedify/github-meta/.github/workflows/go-pr-check.yaml@main - with: - skip_private_key_setup: true - continue_on_error: false + name: Run PR Checks + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v7 + with: + fetch-depth: 0 + + - name: Setup Go + uses: actions/setup-go@v6 + with: + go-version-file: go.mod + + - name: Install vulncheck + run: | + if ! command -v govulncheck; then + echo "govulncheck not found, installing..." + go install golang.org/x/vuln/cmd/govulncheck@v1.4.0 + fi + + - name: Verify dependencies + run: | + set -euo pipefail + go mod verify + go mod tidy + gofmt -s -w . + if [[ -n "$(git status --porcelain)" ]]; then + echo "dirty repository" + git status + exit 1 + fi + + - name: Run go vet + run: go vet ./... + + - name: golangci-lint + uses: golangci/golangci-lint-action@v9.2.1 + with: + version: v2.12.2 + args: --timeout=10m + + - name: Run staticcheck + uses: dominikh/staticcheck-action@v1 + with: + version: "v0.6.1" + + - name: Run vulncheck + run: | + echo -e "### vulncheck\n\n" >> ${GITHUB_STEP_SUMMARY} + echo '```' >> ${GITHUB_STEP_SUMMARY} + (govulncheck ./... || true) | tee -a ${GITHUB_STEP_SUMMARY} + echo '```' >> ${GITHUB_STEP_SUMMARY} + + - name: Run Gosec Security Scanner + uses: securego/gosec@v2.24.7 + with: + args: '-no-fail -fmt sarif -out results.sarif ./...' + + - name: Normalize SARIF for GitHub upload + run: | + jq ' + (.runs[]?.tool.driver.rules[]?) |= + (if has("relationships") then + if (.relationships | type) == "array" then + .relationships |= map(select(type == "object")) + else + del(.relationships) + end + else + . + end) + ' results.sarif > results.normalized.sarif + mv results.normalized.sarif results.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v4 + with: + sarif_file: results.sarif + + - name: Build + env: + CGO_ENABLED: 0 + run: make build + + - name: Test + run: make test 
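Review bot: The new `uses:` lines reference third-party actions by mutable tag (`dominikh/staticcheck-action@v1`, `securego/gosec@v2.24.7`, `golangci/golangci-lint-action@v9.2.1`), so whoever controls those repositories can change what runs in this job without any change in this file. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: securego/gosec@<full-commit-sha> # v2.24.7`, makes the executed code reviewable; since checkout leaves the job token in the local git config by default, `persist-credentials: false` under its `with:` would also limit what the later steps and `make build`/`make test` can reach. Separately, `(govulncheck ./... || true)` and gosec's `-no-fail` make both scanners report-only, so a known-vulnerable dependency never fails the check; if that is intended, a comment such as `# advisory only: findings are reported, not enforced` on those steps would say so. The `permissions:` block sits above this hunk, so I cannot confirm that it grants `security-events: write`, which the SARIF upload step needs.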
From 14113a841903638383b31fe4b27baa2add3baea3 Mon Sep 17 00:00:00 2001 From: Josef Karasek Date: Wed, 24 Jun 2026 15:20:07 +0200 Subject: [PATCH 2/3] fix Signed-off-by: Josef Karasek --- .github/workflows/pr-check.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml index f6942a3..1a95d97 100644 --- a/.github/workflows/pr-check.yaml +++ b/.github/workflows/pr-check.yaml @@ -31,7 +31,7 @@ jobs: - name: Install vulncheck run: | - if ! command -v govulncheck; then + if ! command -v govulncheck >/dev/null 2>&1; then echo "govulncheck not found, installing..." go install golang.org/x/vuln/cmd/govulncheck@v1.4.0 fi diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f081580..0ea7c46 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,12 +14,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v7 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod From 121fac5bb61fa70375fc5ac06fc5d08e58211c3f Mon Sep 17 00:00:00 2001 From: Josef Karasek Date: Wed, 24 Jun 2026 15:21:58 +0200 Subject: [PATCH 3/3] remove test trigger Signed-off-by: Josef Karasek --- .github/workflows/pr-check.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml index 1a95d97..248160d 100644 --- a/.github/workflows/pr-check.yaml +++ b/.github/workflows/pr-check.yaml @@ -1,9 +1,6 @@ name: PR Check on: - push: - branches: - - '*' pull_request: workflow_dispatch:
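Review bot: In the `Install vulncheck` step changed by PATCH 2/3, the `command -v govulncheck` guard means the pinned `govulncheck@v1.4.0` is installed only when no binary is already on PATH, so a runner image that ships its own copy would scan with a different, unpinned version. Running `go install golang.org/x/vuln/cmd/govulncheck@v1.4.0` unconditionally keeps the scanner version fixed across runners. If the guard stays, a comment such as `# NOTE: a preinstalled govulncheck takes precedence over the pinned version` would make the trade-off visible.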