diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
new file mode 100644
index 0000000..2ba3cad
--- /dev/null
+++ b/.github/workflows/actionlint.yaml
@@ -0,0 +1,8 @@
+name: Workflows Linter
+
+on:
+ push:
+
+jobs:
+ workflows-linter:
+ uses: sensyn-robotics/github-actions/.github/workflows/actionlint.yaml@main
diff --git a/README.md b/README.md
index 9b8d6cd..3f59130 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,37 @@
-# github-action-detect-secrets
\ No newline at end of file
+# github-action-detect-secrets
+
+## About
+This is github action for running [detect-secrets](https://github.com/Yelp/detect-secrets) hook.
+
+it will run againts all files managed in git repository
+
+
+## Prerequisites
+create a baseline file for your repository
+
+please refer: https://github.com/Yelp/detect-secrets?tab=readme-ov-file#adding-secrets-to-baseline
+
+## Usage
+
+
+```yaml
+- uses: sensyn-robotics/github-action-detect-secrets@v1
+ with:
+ # Baseline file for detect-secrets, relative to the mount-path
+ # Default; .secrets.baseline
+ baseline: '.secrets.baseline'
+
+ # Version of detect-secrets
+ # When not specified, use latest
+ detect-secrets-version: "1.4.0"
+```
+
+
+**Basic:**
+
+```yaml
+steps:
+ - uses: actions/checkout@v3
+ - name: Run DetectSecrets
+ uses: sensyn-robotics/github-action-detect-secrets@v1
+```
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..d715412
--- /dev/null
+++ b/action.yaml
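Review bot: The reusable workflow in `.github/workflows/actionlint.yaml` is referenced at `@main`, a mutable ref, so whatever lands on that branch runs on every push here without any change in this repository. Pinning to a full commit SHA, `uses: sensyn-robotics/github-actions/.github/workflows/actionlint.yaml@<full-commit-sha>` (placeholder), makes the executed code reviewable and turns updates into explicit diffs. The workflow also declares no `permissions:`, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` is probably sufficient for a linter, assuming the called workflow needs nothing more.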
@@ -0,0 +1,28 @@
+name: 'detect-secrets-action'
+description: 'Run detect-secrets on your codebase'
+inputs:
+ baseline:
+ description: 'Baseline file path (relative to mount-path)'
+ required: true
+ default: '.secrets.baseline'
+ detect-secrets-version:
+ description: 'detect-secrets version'
+
+runs:
+ using: "composite"
+ steps:
+ - name: install detect-secrets
+ shell: bash
+ env:
+ VERSION: ${{ inputs.detect-secrets-version }}
+ run: |
+ if [ -z "$VERSION" ]; then
+ pip install detect-secrets
+ else
+ pip install detect-secrets==$VERSION
+ fi
+ - name: run detect-secrets
+ run: git ls-files -z | xargs -0 detect-secrets-hook --verbose --baseline $BASELINE
+ shell: bash
+ env:
+ BASELINE: ${{ inputs.baseline }}
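Review bot: `$VERSION` and `$BASELINE` are expanded unquoted in the two `run:` steps of action.yaml, so an input value containing whitespace or glob characters is word-split by bash and reaches pip or detect-secrets-hook as separate arguments instead of one value. Passing the inputs through `env:` rather than interpolating `${{ }}` into the script is the right pattern and should stay; quoting completes it: `pip install "detect-secrets==${VERSION}"` and `xargs -0 detect-secrets-hook --verbose --baseline "$BASELINE"`. Separately, the empty-version branch installs whichever release is newest at run time, so scan behaviour can change between runs with no change in the calling repository; consider giving `detect-secrets-version` a pinned `default:` and documenting that callers should set it.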