From 8f2edb8a0f18885be89e6a3bff9988b8f59bde00 Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 28 Jul 2025 22:33:15 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Update=20CI/CD=20section=20and?= =?UTF-8?q?=20fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 08919f4..df3a877 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ nix-shell -p sops --run "sops updatekeys secrets/example.yaml" ``` ## 👷 CI/CD coverage -Currently, this repository houses 2 workflows, which are executed when pushing to the v2 branch. +Currently, this repository houses 4 workflows, which are executed when pushing to the v2 branch. #### ↪️ `Nix: check for unused code` This workflow can be found in `.github/workflows/deadnix.yml`, 
@@ -96,13 +96,18 @@ To be specific, it does the following: #### ↪️ `Nix: validate flake.lock` This workflow can be found in `.github/workflows/validate-lock.yml`. It simply scans flake lockfiles for duplicate entries using `nix run github:tgirlcloud/pkgs#locker`. -Under the hood it makes use of the locker lockfile linter, created by the [tgirlcloud](https://github.com/tgirlcloud) team (mostly [isabelroses](https://github.com/isabelroses). +Under the hood it makes use of the locker lockfile linter, created by the [tgirlcloud](https://github.com/tgirlcloud) team (mostly [isabelroses](https://github.com/isabelroses)). To be specific, it does the following: 1. Checks out current branch 2. Installs nix with some experimental features (flakes, nix-command) 3. Runs `nix run github:tgirlcloud/pkgs#locker` on the codebase +#### ↪️ `Trufflehog: check for exposed secrets` +This workflow can be found in `.github/workflows/check-leaks.yml`. +It runs the Trufflehog security tools on the entire repository, and tries to detect any leaked credentials. +This is a last barrier of defense to minimise damage, in case of an emergency. + ## 📝 Future goals and improvements (2025-07-28) Some of my future goals for this flake are:
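Review bot: the hard-coded workflow count in the first hunk ("houses 4 workflows", under "CI/CD coverage") jumps from 2 to 4 while this patch adds only one workflow section, so either the old figure was already stale or the new one is off by one. Suggest dropping the number ("this repository houses the following workflows") or confirming that each counted workflow has its own `#### ↪️` subsection, so the README cannot drift from `.github/workflows/` again. Since the secret scan is now one of these workflows, the sentence should also say whether they run only on pushes to the v2 branch or on pull requests as well.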
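Review bot: the added `Trufflehog: check for exposed secrets` section in the second hunk does not list what the workflow does, unlike the `Nix: validate flake.lock` section directly above it, and "the entire repository" leaves open whether the full git history is scanned or only the checked-out tree. Suggest adding the same "To be specific, it does the following:" step list, covering the checkout depth and whether a finding fails the run. Because the section intro says the workflows run on push to v2, a hit means the credential is already in the remote history, so the text should state that the secret has to be rotated, not just removed from the file; "last barrier of defense to minimise damage, in case of an emergency" could become "last line of defense" and say that directly. Minor: the tool's name is usually written TruffleHog, and "security tools" can be singular.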