Skip to content

Bump tj-actions/changed-files from 40 to 41 in /.github/workflows #1052

Bump tj-actions/changed-files from 40 to 41 in /.github/workflows

Bump tj-actions/changed-files from 40 to 41 in /.github/workflows #1052

Workflow file for this run

---
name: gitleaks 💧
on:
push:
branches:
- main
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
branches:
- main
workflow_dispatch:
workflow_call:
inputs:
additional-args:
description: Additional arguments to pass to 'gitleaks detect'
required: false
type: string
default: ""
check-for-pii:
description: Check for any instances of PII data in the repository
required: false
type: boolean
default: false
concurrency:
group: gitleaks-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
gitleaks:
name: gitleaks 💧
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip gitleaks]')
&& github.event.pull_request.draft == false
steps:
- name: Checkout repo 🛎
uses: actions/checkout@v4
- name: Download and install gitleaks 💧
run: |
cd /tmp
sudo wget -q \
"https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
-O gitleaks.tar.gz || \
(echo "Error downloading gitleaks ${GITLEAKS_VERSION} tarball" && exit 1)
sudo tar -xvzf gitleaks.tar.gz || \
(echo "Error unarchiving gitleaks ${GITLEAKS_VERSION} tarball" && exit 1)
sudo mv gitleaks /usr/bin/. || \
(echo "Error moving gitleaks for /usr/bin" && exit 1)
shell: bash
env:
GITLEAKS_VERSION: "8.18.1"
- name: Run gitleaks ☔
run: gitleaks -v detect --no-git ${{ inputs.additional-args }} --source .
shell: bash
pii-check:
name: PII Check 💳
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip pii-check]')
&& github.event.pull_request.draft == false
&& inputs.check-for-pii == true
steps:
- name: Checkout repo 🛎
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Presidio to check for PII ☔
uses: insightsengineering/presidio-action@v1
with:
configuration-data: |
threshold: 0.95
ignore: |
.git
**/*.svg
**/*.png
**/*.rds
**/*.rda
**/*.jpg
**/*.gif
.gitlab-ci.yml
.Rbuildignore
_pkgdown.yml
inst/WORDLIST
**/*.RData
**/*.xlsx
output: "github"
only-changed-files: true