Skip to content

chore(pre-commit): add pre-commit config and non-blocking secret-scan… #1

chore(pre-commit): add pre-commit config and non-blocking secret-scan…

chore(pre-commit): add pre-commit config and non-blocking secret-scan… #1

Workflow file for this run

name: Secret Scanning
on:
push: {}
pull_request: {}
jobs:
detect-secrets:
name: Detect Secrets (non-blocking)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install detect-secrets
run: python -m pip install detect-secrets==1.4.0
- name: Run detect-secrets scan (non-blocking)
run: |
detect-secrets scan --all-files --json > detect-secrets-output.json || true
continue-on-error: true
- name: Upload detect-secrets report
uses: actions/upload-artifact@v4
with:
name: detect-secrets-report
path: detect-secrets-output.json
- name: Optional: Run gitleaks (Docker)

Check failure on line 34 in .github/workflows/secret-scan.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/secret-scan.yml

Invalid workflow file

You have an error in your yaml syntax on line 34
run: |
docker run --rm -v "$PWD":/repo zricethezav/gitleaks:8.18.0 detect --source=/repo --report-path=/repo/gitleaks-report.json || true
continue-on-error: true
- name: Upload gitleaks report
uses: actions/upload-artifact@v4
with:
name: gitleaks-report
path: gitleaks-report.json
- name: Notice
run: |
echo "This workflow produces non-blocking secret-scan reports and uploads them as artifacts for manual review.\n" \
"To enable blocking scans, maintainers should review the report artifacts, create a sanitized `.secrets.baseline` for detect-secrets, and update the workflow to fail on detections."