Skip to content

ci: wart removal #16639

ci: wart removal

ci: wart removal #16639

Workflow file for this run

---
name: "Lint secrets"
on: # yamllint disable-line rule:truthy
push:
branches:
- 'main'
- 'releases/**'
pull_request: {}
jobs:
lint-secrets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# TODO(danh): this install+configure git-secrets is a good candidate for a
# custom action repo -- closest to our needs I found is:
# https://github.com/kams-mash/gh-secrets-scanner-action
- name: Set tempdir because github actions are dumb
run: echo "SECRETS_REPO=$(mktemp -dp "$PWD")" >> "$GITHUB_ENV"
- uses: actions/checkout@v4
with:
repository: awslabs/git-secrets
path: ${{ env.SECRETS_REPO }}
fetch-depth: 1
- name: Compile and install git-secrets
run: |
sudo make -C "$SECRETS_REPO" install
# needed to avoid having the secret scan include the git-secrets repo
rm -rf "$SECRETS_REPO"
- name: Configure git-secrets
run: |
git secrets --install
git secrets --register-aws
git secrets --add '"private_key":\s"-----BEGIN\sPRIVATE\sKEY-----'
- name: Run scan
run: git secrets --scan-history