2 files changed +47 -1 lines changed
Original file line number Diff line number Diff line change 99 source :
1010 name : verify source
1111 uses : ./.github/workflows/source.yaml
12+ security :
13+ name : verify security
14+ uses : ./.github/workflows/security.yaml
1215 release :
1316 name : release version
1417 runs-on : ubuntu-latest
15- needs : [source]
18+ needs : [source, security ]
1619 permissions :
1720 id-token : write
1821 issues : write
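Review bot: The new `security` job calls `./.github/workflows/security.yaml` without a `permissions:` block of its own, while the trufflehog job in that called workflow requests `id-token: write`, `issues: write` and `pull-requests: write`. A called workflow can only keep or reduce the token permissions of its caller, so if this file's workflow-level default (not visible in this section) does not already grant those scopes the run is rejected at validation, and if it does grant them the scanners inherit more than a read-only scan needs. I would state the grant explicitly on the caller, `permissions:` with `contents: read` under `security:`, and trim the callee's request to match. The `release` job's own permissions block continues past the end of this section and is not reviewed here.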
Original file line number Diff line number Diff line change 1+ name : SECURITY
2+
3+ on :
4+ workflow_call :
5+ merge_group :
6+ pull_request :
7+ push :
8+ branches :
9+ - main
10+
11+ jobs :
12+ trufflehog :
13+ name : trufflehog
14+ runs-on : ubuntu-latest
15+ permissions :
16+ contents : read
17+ id-token : write
18+ issues : write
19+ pull-requests : write
20+ steps :
21+ - name : checkout repository
22+ uses : actions/checkout@v6
23+ with :
24+ fetch-depth : 0
25+ - name : scan source
26+ id : trufflehog
27+ uses : trufflesecurity/trufflehog@bff3d2670b362bbb4a0bcdeffea146cbc2ad3abd
28+ - name : evaluate results
29+ if : steps.trufflehog.outcome == 'failure'
30+ run : exit 1
31+ gitleaks :
32+ name : gitleaks
33+ runs-on : ubuntu-latest
34+ steps :
35+ - name : checkout repository
36+ uses : actions/checkout@v6
37+ with :
38+ fetch-depth : 0
39+ - name : scan source
40+ uses : gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7
41+ env :
42+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
43+ GITLEAKS_LICENSE : ${{ secrets.GITLEAKS_LICENSE }}
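Review bot: The trufflehog job hands `id-token: write`, `issues: write` and `pull-requests: write` to a third-party action whose only visible task is scanning the checked-out history, which should need no more than `contents: read`; unless something outside this file consumes those scopes, reduce the block to `contents: read`. The gitleaks job declares no `permissions:` at all and so inherits the repository or caller default; give it an explicit `permissions:` with `contents: read`, adding `pull-requests: write` only if the action is expected to comment on pull requests. Separately, the `evaluate results` step looks unreachable as written: without `continue-on-error: true` on `scan source`, a failing scan already fails the job and later steps are skipped, so either drop the step or add `continue-on-error: true` to the scan step. Both scanners are pinned to full commit SHAs, but `actions/checkout@v6` is pinned by tag in both jobs; pinning it by SHA as well would keep the file consistent.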