🚨 Address linter warnings. #5
| name: betterleaks | |
| on: | |
| pull_request: | |
| push: | |
| workflow_dispatch: | |
| concurrency: | |
| # github.event.pull_request.number || github.ref: pull request number or branch name if not a pull request | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CHECK_PERMISSIONS: 0 | |
| permissions: {} | |
| jobs: | |
| pre_job: | |
| name: Check for Duplicate Actions | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write # Need to check/cancel actions. | |
| # Map a step output to a job output | |
| outputs: | |
| should_skip: ${{ steps.check-duplicate-actions.outputs.should_skip }} | |
| steps: | |
| - id: check-permissions | |
| name: Check action permissions | |
| uses: GitHubSecurityLab/actions-permissions/monitor@bf82d13b9b10051d224345ab9184f5ede0a94289 # v1.0.2-beta9 | |
| if: env.CHECK_PERMISSIONS == '1' | |
| - id: check-duplicate-actions | |
| name: Check for duplicate actions | |
| uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
| with: | |
| cancel_others: 'true' | |
| skip_after_successful_duplicate: 'true' | |
| concurrent_skipping: same_content_newer | |
| scan-secrets: | |
| name: Scan for secrets | |
| needs: pre_job | |
| if: needs.pre_job.outputs.should_skip != 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| contents: read | |
| pull-requests: write | |
| security-events: read | |
| steps: | |
| - id: check-permissions | |
| name: Check action permissions | |
| uses: GitHubSecurityLab/actions-permissions/monitor@bf82d13b9b10051d224345ab9184f5ede0a94289 # v1.0.2-beta9 | |
| if: env.CHECK_PERMISSIONS == '1' | |
| - id: checkout-repo | |
| name: Checkout repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - id: betterleaks | |
| name: Detect secrets | |
| uses: dortort/betterleaks-action@cd0b905aa4befb8f42f8b1ab98150180c9e77515 # v0.1.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| fail-on-leak: 'true' | |
| redact: 'true' | |
| # Auto-mode: git scan on push, dir scan on PR | |
| scan-mode: auto | |
| - id: upload-results | |
| name: Upload betterleaks results | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| if: always() | |
| with: | |
| name: betterleaks-report | |
| path: ${{ steps.betterleaks.outputs.report-path }} |
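Review bot: In the `betterleaks` step, `fail-on-leak`, `redact` and `scan-mode` follow `env:` directly, and no `with:` key appears anywhere in that step, so as rendered they are environment variables rather than action inputs. Indentation is lost in this view, so this is inferred from the missing key; if the action reads them as inputs, they are ignored and it runs on its defaults. That matters most for `redact`, because the next step uploads the report as an artifact under `if: always()`, and an unredacted report would put any detected secret into a downloadable file. If they are meant as inputs, add a `with:` line ahead of `fail-on-leak: 'true'` and keep only `GITHUB_TOKEN` under `env:`. Separately, the `scan-secrets` job grants `actions: write`, and nothing visible in its steps obviously needs it; setting `CHECK_PERMISSIONS` to 1 for one run would show whether it can be dropped.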