Update workflows to fail on new secrets detected

Ndiritu · Ndiritu · commit b8d41cfc6d9d · 2024-08-13T16:17:08.000+03:00
diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml
@@ -21,8 +21,10 @@ jobs:
           java-version: 21
           distribution: 'temurin'
           cache: gradle
-      - name: Detect Secrets
-        uses: RobertFischer/detect-secrets-action@v2.0.0
+      - name: Detect secrets
+        run: |
+          pip install detect-secrets
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
       - name: Grant Execute permission for gradlew
         run: chmod +x gradlew
       - name: Build with Gradle
diff --git a/.github/workflows/preview-and-release.yml b/.github/workflows/preview-and-release.yml
@@ -28,8 +28,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Easy detect-secrets
-        uses: RobertFischer/detect-secrets-action@v2.0.0
+      - name: Detect secrets
+        run: |
+          pip install detect-secrets
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
@@ -66,8 +68,10 @@ jobs:
           java-version: 21
           distribution: 'temurin'
           cache: gradle
-      - name: Easy detect-secrets
-        uses: RobertFischer/detect-secrets-action@v2.0.0
+      - name: Detect secrets
+        run: |
+          pip install detect-secrets
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
       - name: Download File
         run: .\Scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
         shell: pwsh
