[codex] Fix createVault submission shape #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Secret scan | |
| # Server-side secret scan. Runs on every PR and every push to main, so it | |
| # cannot be bypassed by `git commit --no-verify`. The husky pre-commit hook | |
| # (.husky/pre-commit) provides the same check locally for faster feedback. | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| gitleaks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # gitleaks needs full history so it can scan every commit on the | |
| # branch, not just the latest one. | |
| fetch-depth: 0 | |
| # Use the gitleaks binary directly rather than gitleaks/gitleaks-action, | |
| # which requires a paid licence for organisation-owned repositories. | |
| # The CLI itself is the same MIT-licensed tool, just without the wrapper. | |
| - name: Install gitleaks | |
| run: | | |
| GITLEAKS_VERSION=8.21.2 | |
| curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \ | |
| | tar -xz -C /usr/local/bin gitleaks | |
| gitleaks version | |
| - name: Scan repository history | |
| run: gitleaks detect --no-banner --redact --verbose --config .gitleaks.toml |