Skip to content

Job nested process workflow #5188

Job nested process workflow

Job nested process workflow #5188

Workflow file for this run

# look for secrets pushed by mistake
# NOTE: To fix problematic commits that got references to detected secrets, execute the following:
# 1. Assuming the branch is built on top of master for a PR
# >> git rebase -i master
# 2. Then, replace "pick" by "squash" for matched problematic commits
# If this didn't work, more advanced edit of history commits needs to be applied.
# Please refer to git interactive rebase documentation to do so.
# 3. Finally re-run secrets analysis to validate that problems where fixed
name: Secret Scan
on:
- pull_request
- push
# cancel the current workflow if another commit was pushed on the same PR or reference
# uses the GitHub workflow name to avoid collision with other workflows running on the same PR/reference
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
#trufflehog:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@master
# - name: trufflehog-actions-scan
# uses: edplato/trufflehog-actions-scan@master
#- uses: max/secret-scan@master
# with:
# repo-token: "${{ secrets.GITHUB_TOKEN }}"
# ref: https://github.com/svdarren/secrets-workflow/blob/9633bc1195a1ca1d4d70415aa4eff6cf55d706de/.github/workflows/secrets.yml
gitleak:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: '0'
- name: Install dependencies
run: docker pull zricethezav/gitleaks
#- run: |
# docker run --name=gitleaks --volume $GITHUB_WORKSPACE:/workspace/ \
# -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=/workspace/
#- run: docker run --rm --name=gitleaks -v /tmp/:/code/ zricethezav/gitleaks -v --repo-path=/code/gitleaks
# @todo command is failing
#- run: gitleaks -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=$GITHUB_WORKSPACE
# FIXME: revert to original repo when (if) they ever consider the fix
# https://github.com/eshork/gitleaks-action/pull/4
# https://github.com/eshork/gitleaks-action/issues/3
#- uses: fmigneault/gitleaks-action@master
#- uses: zricethezav/gitleaks-action@master
- uses: gitleaks/gitleaks-action@v1.6.0 # see: https://github.com/gitleaks/gitleaks-action/issues/57
#- uses: eshork/gitleaks-action@v1.0.0
#- uses: CySeq/gitcret@v2
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}