Merge pull request #21470 from cevich/simpler_to_read_followup

openshift-merge-bot[bot] · web-flow · commit c935f6890313 · 2024-02-07T21:12:45.000Z
Secret-scanning followup fixes
diff --git a/.github/workflows/scan-secrets.yml b/.github/workflows/scan-secrets.yml
@@ -77,16 +77,22 @@ jobs:
       # Provide handy URL for examination of secret leaks for all events that
       # trigger this action.
 
-      - if: github.event_name == 'synchronize' || github.base_ref == ''
+      - if: github.event.action == 'synchronize' || github.base_ref == ''
         name: Provide URL showing code that needs human eyes (force-push or merge)
         shell: bash
         run: |
+          if [[ "$before" =~ ^0000+ ]]; then  # Push to new branch (i.e. renovate branch)
+              echo "Please review newly opened branch for secret-leaks:"
+              # The event JSON provides the URL we need
+              jq -r -e '.compare' $GITHUB_EVENT_PATH
+              return 0
+          fi
           echo "Please review force-push or merged-pr changes for secret-leaks:"
           before=$(jq -r -e '.before' $GITHUB_EVENT_PATH)
           after=$(jq -r -e '.after' $GITHUB_EVENT_PATH)
           echo "https://github.com/${{ github.repository }}/compare/${before}...${after}"
 
-      - if: github.event_name == 'opened'
+      - if: github.event.action == 'opened'
         name: Provide URL showing code that needs human eyes (newly opened PR)
         shell: bash
         run: |
