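---
name: git-secrets

# Runs on every push to any branch: no branch filter is configured and
# pull_request events are not listed.
on: [push]

# Least privilege for the workflow token: the job only reads the repository.
permissions:
  contents: read

jobs:
  # Single job: install git-secrets, register the AWS patterns, scan the tree.
  git-secrets:
    # The type of runner that the job will run on
    runs-on: ubuntu-22.04

    steps:
      # NOTE(review): actions are referenced by mutable tags (@v3, @v4);
      # consider pinning each one to a full commit SHA.
      - name: Check Out Source Code
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config while third-party tooling runs.
          persist-credentials: false

      # NOTE(review): no later step invokes Python explicitly; confirm this
      # step is still needed.
      - name: Set up Python 3.8
        uses: actions/setup-python@v4
        with:
          # Quoted so the version is read as a string, not a float.
          python-version: "3.8"

      - name: Installing dependencies
        # -y keeps apt-get from stopping at a confirmation prompt on a
        # non-interactive runner; update refreshes the package index first.
        run: |
          sudo apt-get update
          sudo apt-get install -y less openssh-server

      - name: Installing scanning tool
        # Assumes Homebrew is present at this path on the runner image.
        # The `say` symlink makes `say` behave like `echo`; presumably
        # something in the install path calls it (TODO confirm).
        # --register-aws adds only the AWS patterns; other secret types need
        # their own patterns (git secrets --add).
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          ln -s "$(which echo)" /usr/local/bin/say
          brew install git-secrets
          git secrets --install
          git secrets --register-aws

      - name: Running scanning tool
        # Literal block scalar: without `|` the two commands fold into one
        # line and the scan becomes an argument of `eval`.
        # This scans the checked-out files only. Covering earlier commits
        # would need a full clone (fetch-depth: 0) and
        # `git secrets --scan-history`.
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          git secrets --scan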