-
-
Notifications
You must be signed in to change notification settings - Fork 0
23 lines (21 loc) · 688 Bytes
/
Copy pathggshield.yaml
File metadata and controls
23 lines (21 loc) · 688 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
name: GitGuardian Scan
on:
push:
pull_request:
jobs:
scanning:
name: GitGuardian Scan
runs-on: ubuntu-latest
# Skip Dependabot PRs (no secret access, only updates dependencies). The
# secret-presence check is enforced per-step via `env.GITGUARDIAN_API_KEY`
# below, because the `secrets` context isn't available in `if:` expressions.
if: github.actor != 'dependabot[bot]'
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
steps:
- uses: actions/checkout@v6
if: env.GITGUARDIAN_API_KEY != ''
with:
fetch-depth: 0
- uses: GitGuardian/ggshield-action@v1
if: env.GITGUARDIAN_API_KEY != ''