fix: GitHub Terraform: Create/Update .github/workflows/gitleaks_push.…

…yaml
groq · Jun 4, 2024 · e81abf3 · e81abf3
1 parent bbed11f
commit e81abf3
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/.github/workflows/gitleaks_push.yaml b/.github/workflows/gitleaks_push.yaml
@@ -0,0 +1,33 @@
+#####################################
+#       DO NOT EDIT DIRECTLY.       #
+# This file is managed by Terraform #
+#####################################
+
+on: [push]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    name: Detect Secrets
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # Checkout full history to make .gitleaksignore work like it does locally
+
+      - name: GitLeaks
+        uses: gacts/gitleaks@v1 # Action page: <https://github.com/gacts/gitleaks>
+
+      - name: Email [email protected]
+        if: ${{ failure() && github.event.number == 0 }} # Only run for push events
+        uses: licenseware/send-email-notification@v1 # Action page: <https://github.com/licenseware/send-email-notification>
+        with:
+          api-key: ${{ secrets.SENDGRID_API_KEY }}
+          subject: Secret detected in GitHub repository '${{ github.event.repository.name }}'
+          from-email: GitLeaks GitHub Action <[email protected]>
+          to-email: [email protected]
+          markdown-body: |
+            Secret detected in ${{ github.event.repository.url }}. See details below:
+
+            * action: ${{ github.event.repository.url }}/actions/runs/${{ github.run_id }}
+            * commit: ${{ github.event.head_commit.url }}