From 1a71c52ef33f085f108c078e49f501180fcc9cc6 Mon Sep 17 00:00:00 2001 From: Robert Kowalski Date: Mon, 25 Jul 2022 14:12:48 +0200 Subject: [PATCH] lint: add ReadHeaderTimeout (#1277) currently build fail with: ``` run golangci-lint Running [/home/runner/golangci-lint-1.47.0-linux-amd64/golangci-lint run --out-format=github-actions] in [] ... Error: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) ``` for example in this PR: https://github.com/nektos/act/runs/7405009660?check_suite_focus=true this sets the required ReadHeaderTimeout
---
 pkg/artifacts/server.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkg/artifacts/server.go b/pkg/artifacts/server.go
index a470fb4..06a7706 100644
--- a/pkg/artifacts/server.go
+++ b/pkg/artifacts/server.go
@@ -12,6 +12,7 @@ import (
 "path"
 "path/filepath"
 "strings"
+ "time"
 "github.com/julienschmidt/httprouter"
 "github.com/nektos/act/pkg/common"
@@ -277,7 +278,11 @@ func Serve(ctx context.Context, artifactPath string, port string) context.Cancel
 downloads(router, fs)
 ip := common.GetOutboundIP().String()
- server := &http.Server{Addr: fmt.Sprintf("%s:%s", ip, port), Handler: router}
+ server := &http.Server{
+ Addr: fmt.Sprintf("%s:%s", ip, port),
+ ReadHeaderTimeout: 2 * time.Second,
+ Handler: router,
+ }
 // run server
 go func() {
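Review bot: `ReadHeaderTimeout: 2 * time.Second` in the new `http.Server` literal bounds only the header phase, so a client that sends its headers promptly and then trickles a request body, or simply holds a keep-alive connection idle, is still not timed out on this listener, which the context line shows is bound to the outbound IP rather than loopback. A blanket `ReadTimeout` could cut off large artifact uploads, so consider adding `IdleTimeout: 60 * time.Second,` (value illustrative) to the literal and bounding body reads in the upload handlers, which are outside this hunk. The 2-second value is also an unexplained literal; a named constant with a comment such as `// bounds the header read to satisfy gosec G112 (Slowloris)` would record why it exists. The body of `Serve` starts before and continues past the hunk.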