30 lines
837 B
YAML
30 lines
837 B
YAML
on:
|
|
push:
|
|
|
|
name: Secret Leaks
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
trufflehog:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- shell: bash
|
|
run: |
|
|
if [ "${{ github.event_name }}" == "push" ]; then
|
|
echo "depth=$(($(jq length <<< '${{ toJson(github.event.commits) }}') + 2))" >> $GITHUB_ENV
|
|
echo "branch=${{ github.ref_name }}" >> $GITHUB_ENV
|
|
fi
|
|
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
|
echo "depth=$((${{ github.event.pull_request.commits }}+2))" >> $GITHUB_ENV
|
|
echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_ENV
|
|
fi
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{env.branch}}
|
|
fetch-depth: ${{env.depth}}
|
|
- name: Secret Scanning
|
|
uses: trufflesecurity/trufflehog@main
|