Merge pull request #798 from OpenSPP/ken/improve_code-analysis

kneckinator · web-flow · commit c2e42008bd68 · 2025-05-06T10:49:41.000+07:00
[chore] Improve code-analysis execution
diff --git a/.github/workflows/code-analysis.yml b/.github/workflows/code-analysis.yml
@@ -69,10 +69,17 @@ jobs:
         uses: github/codeql-action/analyze@v3
 
       - name: TruffleHog OSS
-        if: env.BRANCH_NAME != github.event.repository.default_branch
+        if: github.event_name == 'pull_request'
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
+          base: ${{ github.event.pull_request.base.sha }}
+          head: ${{ github.event.pull_request.head.sha }}
           extra_args: --debug --only-verified
+
+      - name: TruffleHog OSS (on push to 17.0)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/17.0'
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./
+          extra_args: --debug --only-verified # Scanning the entire repo
