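# Secret-scanning workflow: runs whispers over the checked-out repository on
# every push and pull request, fails the job when the report is non-empty, and
# uploads the JSON report as an artifact when the job has failed.
name: secrets
on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: this job only needs to read the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): tag references are mutable; pinning each action to a full
      # commit SHA keeps a retagged release from changing what the scan runs.
      - uses: actions/checkout@v3

      - name: scan
        # `steps.scan.outputs.*` below resolves against the step `id`, not its
        # `name`. Without an id the output is empty and the failure gate is
        # skipped, so findings would never fail the build.
        id: scan
        run: |
          set -euo pipefail
          export DEBIAN_FRONTEND=noninteractive
          echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
          sudo apt-get update
          python3 -m pip install --upgrade pip
          # NOTE(review): unpinned install of the scanner; pin a reviewed
          # whispers version so the gate does not change with each release.
          pip3 install whispers
          mkdir -p /home/runner/reports/
          whispers --severity BLOCKER,CRITICAL \
            -o /home/runner/reports/whispers.json \
            -c "${GITHUB_WORKSPACE}/.github/workflows/config/whispers-config.yml" \
            "${GITHUB_WORKSPACE}"
          # NOTE(review): the gate counts lines in the report. This presumes
          # whispers writes one finding per line and an empty file when it
          # finds nothing. Confirm against the pinned whispers version.
          # Written to $GITHUB_OUTPUT because `::set-output` is deprecated.
          echo "found-count=$(wc -l < /home/runner/reports/whispers.json)" >> "$GITHUB_OUTPUT"

      - name: Fail if found
        # Step outputs are strings, so compare against the string '0'.
        if: steps.scan.outputs.found-count != '0'
        uses: actions/github-script@v6
        env:
          # Passed through the environment rather than interpolated into the
          # script text, so the value is never parsed as JavaScript.
          FOUND_COUNT: ${{ steps.scan.outputs.found-count }}
        with:
          # github-script runs JavaScript, not shell: log with core.info.
          script: |
            core.info(`whispers findings: ${process.env.FOUND_COUNT}`)
            core.setFailed('Secrets found. Please check the uploaded report')

      - name: Upload scan reports
        # NOTE(review): this reference was mangled by e-mail obfuscation in the
        # page capture ("actions/[email protected]"). It is presumably
        # actions/upload-artifact at a pinned version; restore the exact
        # reference from the repository. `<version>` is a placeholder.
        uses: actions/upload-artifact@<version>
        # Runs only after an earlier step failed, i.e. when the gate above
        # tripped or the scan step itself errored.
        # NOTE(review): the report holds the matched secrets; limit artifact
        # retention and who can download it.
        if: failure()
        with:
          name: whispers-report
          path: /home/runner/reports/whispers.json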