chore(deps): update grafana/shared-workflows/ action to #86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: TruffleHog Secret Scanning | |
| # This workflow is designed to be enforced org-wide via GitHub rulesets | |
| # It calls the reusable TruffleHog workflow with sensible defaults for org-wide deployment | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| checks: write | |
| jobs: | |
| secret-scan: | |
| name: TruffleHog Secret Scan | |
| uses: grafana/security-github-actions/.github/workflows/reusable-trufflehog.yml@main | |
| with: | |
| # Monitoring mode - no blocking, just reporting | |
| fail-on-verified: "false" # Don't block on verified secrets (monitoring only) | |
| fail-on-unverified: "false" # Don't block on unverified secrets | |
| runs-on: ${{ !github.event.repository.private && 'ubuntu-latest' || 'ubuntu-arm64-small' }} # Use same runner pattern as zizmor | |
| secrets: inherit |