-
Notifications
You must be signed in to change notification settings - Fork 0
35 lines (33 loc) · 1.43 KB
/
gitguardian.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
name: GitGuardian scan
on: [push, pull_request]
jobs:
scanning:
name: GitGuardian scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
fetch-depth: 0 # fetch all history so multiple commits can be scanned
# Configure 1Password Service Account
- name: Configure 1Password Service Account
uses: 1Password/load-secrets-action/configure@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
# Fetch TERRAFORM_CLOUD_TOKEN from 1Password using load-secrets-action
- name: Fetch TERRAFORM_CLOUD_TOKEN from 1Password
uses: 1Password/load-secrets-action@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
id: fetch-gitguardian-token
with:
export-env: false
env:
GITGUARDIAN_API_KEY: op://Infrastructure/gitguardian/credentials/token
- name: GitGuardian scan
uses: GitGuardian/gg-shield-action@master
env:
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
GITGUARDIAN_API_KEY: ${{ steps.fetch-gitguardian-token.outputs.GITGUARDIAN_API_KEY}}