
Commit af99d2a

committed
ci(workflows): [ci] run gitguardian scan immediately after preflight
Signed-off-by: Lexus Drumgold <[email protected]>
1 parent ae118fc commit af99d2a


1 file changed

+25
-25
lines changed

1 file changed

+25
-25
lines changed

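--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -54,7 +54,7 @@ jobs:
 runs-on: ubuntu-latest
 outputs:
 cache-key: ${{ steps.cache-key.outputs.result }}
-version: ${{ steps.version.outputs.result }}
+version: ${{ steps.build-version.outputs.result }}
 steps:
 - id: debug
 name: Print environment variables and event payload
@@ -86,16 +86,36 @@ jobs:
 with:
 key: ${{ steps.cache-key.outputs.result }}
 path: ${{ env.CACHE_PATH }}
-- id: version-manifest
+- id: manifest-version
 name: Get manifest version
 run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT
-- id: version
+- id: build-version
 name: Get build version
 run: |
-echo "result=${{ startsWith(github.head_ref || github.ref_name, 'release/') && steps.version-manifest.outputs.result || format('{0}+{1}', steps.version-manifest.outputs.result, github.event.pull_request.head.sha || github.sha) }}" >>$GITHUB_OUTPUT
-commitlint:
+echo "result=${{ startsWith(github.head_ref || github.ref_name, 'release/') && steps.manifest-version.outputs.result || format('{0}+{1}', steps.manifest-version.outputs.result, github.event.pull_request.head.sha || github.sha) }}" >>$GITHUB_OUTPUT
+gitguardian:
 needs: preflight
 runs-on: ubuntu-latest
+steps:
+- id: checkout
+name: Checkout
+uses: actions/[email protected]
+with:
+fetch-depth: 0
+- id: scan
+name: Scan commits with ggshield
+uses: GitGuardian/[email protected]
+env:
+GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
+GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+with:
+args: --all-policies --format sarif --show-secrets --with-incident-details --verbose
+commitlint:
+needs: gitguardian
+runs-on: ubuntu-latest
 steps:
 - id: checkout
 name: Checkout ${{ env.REF_NAME }}
@@ -121,26 +141,6 @@ jobs:
 name: Check commitlint status
 if: github.run_number != '1'
 run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA
-gitguardian:
-needs: commitlint
-runs-on: ubuntu-latest
-steps:
-- id: checkout
-name: Checkout
-uses: actions/[email protected]
-with:
-fetch-depth: 0
-- id: scan
-name: Scan commits with ggshield
-uses: GitGuardian/[email protected]
-env:
-GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
-GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
-GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
-with:
-args: --all-policies --format sarif --show-secrets --with-incident-details --verbose
 format:
 needs:
 - commitlint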
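Review bot: The `--show-secrets` flag in the scan step's `args` (new line 115) makes ggshield print any detected secret in clear text, so a leaked credential is copied into the job log and the SARIF output, where anyone with read access to the workflow run can see it. Dropping the flag keeps the finding and masks the value: `args: --all-policies --format sarif --with-incident-details --verbose`. Separately, `commitlint` now has `needs: gitguardian` and `format` needs `commitlint`, so every later job depends on the scan succeeding. A run where `secrets.GITGUARDIAN_API_KEY` is unavailable (for example pull requests from forks, if this workflow triggers on them; the triggers are outside the visible hunks) would presumably fail the scan and skip everything downstream.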
