Skip to content

🚨 Address linter warnings. #5

🚨 Address linter warnings.

🚨 Address linter warnings. #5

Workflow file for this run

name: betterleaks
on:
pull_request:
push:
workflow_dispatch:
concurrency:
# github.event.pull_request.number || github.ref: pull request number or branch name if not a pull request
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
CHECK_PERMISSIONS: 0
permissions: {}
jobs:
pre_job:
name: Check for Duplicate Actions
runs-on: ubuntu-latest
permissions:
actions: write # Need to check/cancel actions.
# Map a step output to a job output
outputs:
should_skip: ${{ steps.check-duplicate-actions.outputs.should_skip }}
steps:
- id: check-permissions
name: Check action permissions
uses: GitHubSecurityLab/actions-permissions/monitor@bf82d13b9b10051d224345ab9184f5ede0a94289 # v1.0.2-beta9
if: env.CHECK_PERMISSIONS == '1'
- id: check-duplicate-actions
name: Check for duplicate actions
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
cancel_others: 'true'
skip_after_successful_duplicate: 'true'
concurrent_skipping: same_content_newer
scan-secrets:
name: Scan for secrets
needs: pre_job
if: needs.pre_job.outputs.should_skip != 'true'
runs-on: ubuntu-latest
permissions:
actions: write
contents: read
pull-requests: write
security-events: read
steps:
- id: check-permissions
name: Check action permissions
uses: GitHubSecurityLab/actions-permissions/monitor@bf82d13b9b10051d224345ab9184f5ede0a94289 # v1.0.2-beta9
if: env.CHECK_PERMISSIONS == '1'
- id: checkout-repo
name: Checkout repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- id: betterleaks
name: Detect secrets
uses: dortort/betterleaks-action@cd0b905aa4befb8f42f8b1ab98150180c9e77515 # v0.1.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
fail-on-leak: 'true'
redact: 'true'
# Auto-mode: git scan on push, dir scan on PR
scan-mode: auto
- id: upload-results
name: Upload betterleaks results
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: betterleaks-report
path: ${{ steps.betterleaks.outputs.report-path }}