From 4f9a9e2b2794995b50f3a6c7e667382e15dc4bfd Mon Sep 17 00:00:00 2001
From: Julien Doutre <36448022+juliendoutre@users.noreply.github.com>
Date: Wed, 24 Jul 2024 18:37:23 +0200
Subject: [PATCH] Run Datadog static analyzer CI best practices lint rules (#221)

* Run Datadog static analyzer
* Update permissions
---
 .github/workflows/datadog-static-analysis.yml | 25 +++++++++++++++++++
 static-analysis.datadog.yml | 3 +++
 2 files changed, 28 insertions(+)
 create mode 100644 .github/workflows/datadog-static-analysis.yml
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
new file mode 100644
index 000000000..26514b160
--- /dev/null
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -0,0 +1,25 @@
+name: Datadog Static Analysis
+
+on:
+ push:
+
+permissions:
+ contents: write
+
+jobs:
+ static-analysis:
+ name: Datadog Static Analyzer
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Check code meets quality and security standards
+ id: datadog-static-analysis
+ uses: DataDog/datadog-static-analyzer-github-action@v1
+ with:
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_service: kubehound
+ dd_env: ci
+ dd_site: datadoghq.com
+ cpu_count: 2
diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
index ca85da4ab..09054baf4 100644
--- a/static-analysis.datadog.yml
+++ b/static-analysis.datadog.yml
@@ -1,4 +1,7 @@
 rulesets:
 - go-best-practices
 - go-security
+ - sit-ci-best-practices:
+ only:
+ - ".github/workflows"
 ignorePaths: []
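Review bot: The workflow-level `permissions` block in datadog-static-analysis.yml grants `contents: write` to a job whose visible steps only check out the repository and run an analyzer, so the GITHUB_TOKEN available to both actions can push to the repository on every `push` event. Unless the Datadog action is documented to need write access, least privilege here is `contents: read`. The same job passes `secrets.DD_API_KEY` and `secrets.DD_APP_KEY` to an action referenced by a mutable tag, so a moved `v1` tag would run with those secrets and that token. Pinning both `uses:` lines to a full commit SHA with the tag kept as a comment, e.g. `uses: DataDog/datadog-static-analyzer-github-action@<full-commit-sha> # v1`, removes that dependency on tag integrity.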