Skip to content

Merge pull request #879 from anarkiwi/bf #1670

Merge pull request #879 from anarkiwi/bf

Merge pull request #879 from anarkiwi/bf #1670

Workflow file for this run

name: secrets
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: scan
run: |
export DEBIAN_FRONTEND=noninteractive && \
echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections && \
sudo apt-get update && \
python3 -m pip install --upgrade pip && \
pip3 install whispers && \
mkdir /home/runner/reports/ && \
whispers --severity BLOCKER,CRITICAL -o /home/runner/reports/whispers.json -c ${GITHUB_WORKSPACE}/.github/workflows/config/whispers-config.yml ${GITHUB_WORKSPACE} && \
echo "::set-output name=found-count::$(wc -l /home/runner/reports/whispers.json | cut -d' ' -f1)"
- name: Fail if found
if: steps.scan.outputs.found-count != 0
uses: actions/github-script@v6
with:
script: |
echo {{steps.scan.outputs.found-count}} && \
core.setFailed('Secrets found. Please check the uploaded report')
- name: Upload scan reports
uses: actions/[email protected]
if: failure()
with:
name: whispers-report
path: /home/runner/reports/whispers.json