Scan repository #98
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Scan repository' | |
| on: | |
| schedule: | |
| - cron: '0 9 * * MON-FRI' | |
| workflow_dispatch: | |
| jobs: | |
| scan-secrets: | |
| name: 'Scan secrets' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 2 | |
| steps: | |
| - name: 'Checkout code' | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # Full history is needed to scan all commits | |
| - name: 'Scan secrets' | |
| uses: ./.github/actions/scan-secrets | |
| - name: Notify slack | |
| if: ${{ failure() }} | |
| uses: slackapi/[email protected] | |
| with: | |
| webhook: ${{ secrets.SLACK_WEBHOOK_DEV_NOTIFICATIONS_URL }} | |
| webhook-type: incoming-webhook | |
| payload: | | |
| blocks: | |
| - type: section | |
| text: | |
| type: mrkdwn | |
| text: ":warning: Repository scan failed:" | |
| - type: section | |
| fields: | |
| - type: mrkdwn | |
| text: |- | |
| *Workflow:* | |
| <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}> | |
| - type: mrkdwn | |
| text: |- | |
| *Job:* | |
| ${{ github.job }} | |
| - type: mrkdwn | |
| text: |- | |
| *Repo:* | |
| ${{ github.repository }} |