deps(go): bump github.com/prometheus/common from 0.68.1 to 0.69.0 in the go-minor-patch group across 1 directory #3303
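# =============================================================================
# NFTBan - Secret Scanning (Gitleaks)
# =============================================================================
# SPDX-License-Identifier: MPL-2.0
#
# Runs Gitleaks on pushes and pull requests targeting the long-lived branches
# and writes a short result to the job summary.

name: Secret Scanning (Gitleaks)

on:
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master, develop]

concurrency:
  group: gitleaks-${{ github.ref }}
  # Only superseded pull-request runs are cancelled. A cancelled scan of a
  # branch push is not guaranteed to be covered by the run that replaces it
  # (depends on the commit range the action scans - confirm), so push scans
  # are allowed to finish.
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

permissions:
  contents: read
  # NOTE(review): no step in this file uploads SARIF or other code-scanning
  # results; drop this scope if the Gitleaks action does not need it.
  security-events: write

jobs:
  gitleaks:
    name: Scan for secrets
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag the pin is meant to correspond to.
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          fetch-depth: 0  # Full history for thorough scanning

      - name: Run Gitleaks
        # The id lets the summary step read this step's own outcome.
        id: gitleaks
        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Quoted so the values reach the action as the literal strings.
          GITLEAKS_ENABLE_COMMENTS: 'false'
          GITLEAKS_ENABLE_UPLOAD_ARTIFACT: 'false'
          GITLEAKS_ENABLE_SUMMARY: 'true'

      - name: Generate summary
        if: always()
        env:
          # Passed through the environment instead of being expanded inside
          # the script text, and taken from the scan step rather than
          # job.status, so a failed checkout or a cancelled run is not
          # reported as a secret finding.
          GITLEAKS_OUTCOME: ${{ steps.gitleaks.outcome }}
        run: |
          {
            echo "## Secret Scanning Results"
            echo ""
            echo "Gitleaks scans the repository for:"
            echo "- API keys and tokens"
            echo "- Passwords and credentials"
            echo "- Private keys (SSH, PGP, etc.)"
            echo "- Cloud provider secrets (AWS, GCP, Azure)"
            echo ""
            case "$GITLEAKS_OUTCOME" in
              success)
                echo "No secrets detected."
                ;;
              failure)
                # A failed step usually means findings, but a tool error
                # also ends here, so the reader is sent to the step log.
                echo "**Potential secrets detected. Please review the Gitleaks step log and remove before merging.**"
                ;;
              *)
                echo "**Gitleaks did not complete (outcome: ${GITLEAKS_OUTCOME:-unknown}). No scan result is available for this run.**"
                ;;
            esac
          } >> "$GITHUB_STEP_SUMMARY"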