GitHub Terraform: Create/Update .github/workflows/gitleaks_pr.yaml

definitive-io · Oct 17, 2023 · 72e1e45 · 72e1e45
1 parent 33934de
commit 72e1e45
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/.github/workflows/gitleaks_pr.yaml b/.github/workflows/gitleaks_pr.yaml
@@ -0,0 +1,27 @@
+#####################################
+#       DO NOT EDIT DIRECTLY.       #
+# This file is managed by Terraform #
+#####################################
+
+on: [pull_request]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    name: Detect Secrets
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # Checkout full history to make .gitleaksignore work like it does locally
+
+      - name: GitLeaks
+        uses: gacts/gitleaks@v1 # Action page: <https://github.com/gacts/gitleaks>
+
+      - name: Add Failure Instructions to Pull Request
+        if: ${{ failure() }}
+        uses: thollander/actions-comment-pull-request@v1 # Action page: <https://github.com/thollander/actions-comment-pull-request>
+        with:
+          message: |
+            :warning: A secret was detected :warning:
+            Follow instructions in [Notion](https://www.notion.so/definitive-io/GitHub-Secret-Prevention-97986fd7ae9f45dd8703a1e42f7b07f8#027d1f9cd2544a0798505a1817dfe3df) to resolve.