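# This workflow scans the repository for committed secrets with TruffleHog and
# saves the scanner output as a build artifact.
#
# It currently runs on pushes to the "safety-tooling" branch (for testing); the
# commented-out pull_request trigger is what it is meant to use eventually.
#
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Check pull requests

on:
  # pull_request: this will be what we use eventually
  push:
    branches:
      - "safety-tooling" # for testing

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  test-for-secrets:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          # The workspace is mounted into a third-party container in the next
          # step, so do not leave the job token behind in .git/config.
          persist-credentials: false

      # --fail makes trufflehog exit non-zero when it reports findings, which
      # fails this step and therefore the job.
      # The workspace is mounted read-only; the scanner only needs to read it.
      # NOTE(review): the image is pulled by the mutable ":latest" tag; pin it
      # to a release tag or an image digest so the scanner cannot change
      # between runs.
      # NOTE(review): confirm that IriusRisk-Central/Integrations/ exists
      # relative to the checkout root, otherwise the scan does not cover the
      # intended files.
      - name: Scan for Secrets
        run: |
          docker run --rm -v "$PWD:/pwd:ro" \
            ghcr.io/trufflesecurity/trufflehog:latest \
            filesystem /pwd/IriusRisk-Central/Integrations/ --fail \
            > trufflehog.txt

      # Upload the report even when the scan step failed: findings are exactly
      # the case in which the report is needed.
      # upload-artifact v3 is deprecated, so v4 is used here.
      # NOTE(review): the report can contain the detected secret values;
      # anyone who can download this workflow's artifacts can read them.
      - name: Save Results
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          name: trufflehog
          path: trufflehog.txt
          if-no-files-found: error
        # Scoped to this step only: an upload problem does not fail the job,
        # while a non-zero exit from the scan step still does.
        continue-on-error: true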