summaryrefslogtreecommitdiffstats
path: root/.github/workflows/secret-scanner.yml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-17 09:01:56 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-17 09:01:56 +0000
commit89c4287dc1d423987b3ed83c28335bb3dcb0f06e (patch)
treeb2406a87652796c5a1622815061870d1c45322d5 /.github/workflows/secret-scanner.yml
parentAdding upstream version 0.15.0. (diff)
downloadanta-8e0e5d6719a5adbb5b8a264e8da0930dd13b6cf5.tar.xz
anta-8e0e5d6719a5adbb5b8a264e8da0930dd13b6cf5.zip
Adding upstream version 1.0.0.upstream/1.0.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github/workflows/secret-scanner.yml')
-rw-r--r--.github/workflows/secret-scanner.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
new file mode 100644
index 0000000..8210953
--- /dev/null
+++ b/.github/workflows/secret-scanner.yml
@@ -0,0 +1,30 @@
+# Secret-scanner workflow from Arista Networks.
+on:
+ pull_request:
+ types: [synchronize]
+ push:
+ branches:
+ - main
+name: Secret Scanner (go/secret-scanner)
+jobs:
+ scan_secret:
+ name: Scan incoming changes
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/aristanetworks/secret-scanner-service:main
+ options: --name sss-scanner
+ steps:
+ - name: Checkout ${{ github.ref }}
+ # Hitting https://github.com/actions/checkout/issues/334 so trying v1
+ uses: actions/checkout@v1
+ with:
+ fetch-depth: 0
+ - name: Run scanner
+ run: |
+ git config --global --add safe.directory $GITHUB_WORKSPACE
+ scanner commit . github ${{ github.repository }} \
+ --markdown-file job_summary.md \
+ ${{ github.event_name == 'pull_request' && format('--since-commit {0}', github.event.pull_request.base.sha) || ''}}
+ - name: Write result to summary
+ run: cat ./job_summary.md >> $GITHUB_STEP_SUMMARY
+ if: ${{ always() }}