feat(local): serverless local execution runtime (opensop-local) #71
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Secret scan | |
| # Source-of-truth secret detection. Runs on every PR and on pushes to main. | |
| # The local pre-commit hook (bin/install-git-hooks) is fast feedback; this | |
| # workflow is the gate that secrets cannot bypass via `git commit --no-verify`. | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| gitleaks: | |
| name: gitleaks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| # gitleaks needs full history to scan the diff range. fetch-depth: 0 | |
| # is the documented setup for the official action. | |
| fetch-depth: 0 | |
| - name: Run gitleaks | |
| uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Use the .gitleaks.toml at the repo root. | |
| GITLEAKS_CONFIG: .gitleaks.toml |