mirror of
https://github.com/Jokiller230/puzzlevision.git
synced 2025-09-12 05:40:05 +00:00
39 lines
869 B
YAML
39 lines
869 B
YAML
name: "Trufflehog: check for exposed secrets"
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
paths:
|
|
- "**.nix"
|
|
- ".github/workflows/check-leaks.yml"
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
issues: write
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
deadnix:
|
|
name: Run trufflehog
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.ref_name }}
|
|
fetch-depth: 0
|
|
|
|
- id: trufflehog
|
|
name: TruffleHog scan
|
|
uses: trufflesecurity/trufflehog@add-actions-cli-switch
|
|
continue-on-error: true
|
|
with:
|
|
path: ./
|
|
base: "${{ github.event.repository.default_branch }}"
|
|
head: HEAD
|
|
extra_args: --debug --only-verified
|
|
|
|
- name: Scan Results Status
|
|
if: steps.trufflehog.outcome == 'failure'
|
|
run: exit 1
|