

dont use codeql #67


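---
# Secret Scanner CI
#
# Three jobs: a basic scan using this repository as a local action, a scan
# with LLM verification that stores the SARIF result as a build artifact
# (no upload to code scanning), and Go quality checks (vet, tests, gofmt).
name: Secret Scanner CI

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it.
# yamllint disable-line rule:truthy
on:
  push:
    branches: [main, master, 'claude/**']
  pull_request:
    branches: [main, master]

# Restrict the default GITHUB_TOKEN to read-only. None of the jobs below
# writes to the repository, so the workflow should not inherit the
# repository-wide default (which may be read/write); a read-only token
# limits what the scanner, its LLM step, or any compromised dependency
# could do with the token.
permissions:
  contents: read

jobs:
  # Job that demonstrates using this repo as an action (basic - no LLM)
  scan-basic:
    name: Scan (Basic)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # Actions are referenced by major tag; pinning to a full commit SHA
        # would make the reference immutable (see GitHub's hardening guide).
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for git scanning
      - name: Run GoSecretScan Action
        uses: ./
        with:
          scan-path: '.'
          fail-on: 'critical'  # Only fail on critical findings (pattern definitions are high/medium)
          output-format: 'text'

  # Job with LLM verification + SARIF upload
  scan-with-llm:
    name: Scan (LLM + SARIF)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for git scanning
      - name: Run GoSecretScan Action
        uses: ./
        with:
          scan-path: '.'
          fail-on: 'critical'
          sarif-file: 'gosecretscanner-results.sarif'
          # Action inputs are always strings; keep booleans and ports quoted.
          enable-llm: 'true'
          llm-port: '8080'
          manage-llm-server: 'true'
      # Runs even if the scan step fails (`if: always()`), and a missing
      # SARIF file does not fail the job (`continue-on-error`). The artifact
      # may contain findings; restrict artifact access accordingly.
      - name: Upload SARIF as artifact
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: secret-scan-sarif
          path: gosecretscanner-results.sarif
        continue-on-error: true

  # Job for code quality checks
  quality-checks:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.24.7'  # quoted so the version is not read as a float
          cache: true
      - name: Run go vet
        run: go vet ./...
      - name: Run tests
        run: go test ./... -v
      - name: Check code formatting
        # Fails the job and lists offending files when gofmt -s would change anything.
        run: |
          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
            echo "Code is not properly formatted. Run 'gofmt -s -w .'"
            gofmt -s -l .
            exit 1
          fi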