author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 09:01:56 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 09:01:56 +0000 |
commit | 89c4287dc1d423987b3ed83c28335bb3dcb0f06e (patch) | |
tree | b2406a87652796c5a1622815061870d1c45322d5 /.github/workflows/secret-scanner.yml | |
parent | Adding upstream version 0.15.0. (diff) | |
download | anta-upstream/1.0.0.tar.xz anta-upstream/1.0.0.zip |
Adding upstream version 1.0.0.upstream/1.0.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github/workflows/secret-scanner.yml')
-rw-r--r-- | .github/workflows/secret-scanner.yml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
new file mode 100644
index 0000000..8210953
--- /dev/null
+++ b/.github/workflows/secret-scanner.yml
@@ -0,0 +1,30 @@
+# Secret-scanner workflow from Arista Networks.
+on:
+ pull_request:
+ types: [synchronize]
+ push:
+ branches:
+ - main
+name: Secret Scanner (go/secret-scanner)
+jobs:
+ scan_secret:
+ name: Scan incoming changes
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/aristanetworks/secret-scanner-service:main
+ options: --name sss-scanner
+ steps:
+ - name: Checkout ${{ github.ref }}
+ # Hitting https://github.com/actions/checkout/issues/334 so trying v1
+ uses: actions/checkout@v1
+ with:
+ fetch-depth: 0
+ - name: Run scanner
+ run: |
+ git config --global --add safe.directory $GITHUB_WORKSPACE
+ scanner commit . github ${{ github.repository }} \
+ --markdown-file job_summary.md \
+ ${{ github.event_name == 'pull_request' && format('--since-commit {0}', github.event.pull_request.base.sha) || ''}}
+ - name: Write result to summary
+ run: cat ./job_summary.md >> $GITHUB_STEP_SUMMARY
+ if: ${{ always() }} |
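Review bot: The job container is referenced by a mutable tag, `image: ghcr.io/aristanetworks/secret-scanner-service:main`, so each run executes whatever image currently carries that tag, with the full-history checkout (`fetch-depth: 0`) in its workspace; pinning by digest, `image: ghcr.io/aristanetworks/secret-scanner-service@sha256:<digest>` (digest is a placeholder), would make the scanner version reviewable and reproducible. The same applies to `uses: actions/checkout@v1`, which is a tag rather than a commit SHA and deserves a comment saying when the workaround for issue 334 can be dropped. The workflow declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for a read-only scan, assuming the scanner does not need to write back to the pull request. Finally, `types: [synchronize]` means a pull request is not scanned when it is opened, only on later pushes, so a comment beside the trigger stating whether that gap is intended would help.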