SecretHound/.github/workflows/release.yml at main · rafabd1/SecretHound · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Release SecretHound

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build:
    name: Build and Release
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: '1.24'

      - name: Get version from tag
        id: get_version
        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV

      - name: Build for all platforms
        run: |
          # Build for Windows
          GOOS=windows GOARCH=amd64 go build -ldflags "-X github.com/rafabd1/SecretHound/cmd.Version=${{ env.VERSION }}" -o secrethound-${{ env.VERSION }}-windows-amd64.exe ./cmd/secrethound/

          # Build for Linux
          GOOS=linux GOARCH=amd64 go build -ldflags "-X github.com/rafabd1/SecretHound/cmd.Version=${{ env.VERSION }}" -o secrethound-${{ env.VERSION }}-linux-amd64 ./cmd/secrethound/

          # Build for macOS
          GOOS=darwin GOARCH=amd64 go build -ldflags "-X github.com/rafabd1/SecretHound/cmd.Version=${{ env.VERSION }}" -o secrethound-${{ env.VERSION }}-darwin-amd64 ./cmd/secrethound/

      - name: Create Release
        id: create_release
        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          name: SecretHound v${{ env.VERSION }}
          draft: false
          prerelease: false
          files: |
            secrethound-${{ env.VERSION }}-windows-amd64.exe
            secrethound-${{ env.VERSION }}-linux-amd64
            secrethound-${{ env.VERSION }}-darwin-amd64
          body: |
                # SecretHound v${{ env.VERSION }}

                ## New Features
                - **Max File Size Flag**: Added `--max-file-size` flag to set the maximum file size for local file scanning.
                - **Netlify Access Token Pattern**: Added new detection pattern for Netlify Access Tokens.

                ## Improvements
                - **Enhanced Pattern Accuracy**: Refined multiple regex patterns (MAC Address, IPv4, IPv6, PayPal, Private Key, Phone Number) to significantly reduce false positives based on real-world testing.

                ## Bug Fixes
                - Fixed false positives where SVG path data was detected as MAC addresses.
                - Fixed false positives where OIDs were detected as IPv4 addresses.
                - Fixed false positives where SHA-256 fingerprints were detected as IPv6 addresses.
                - Fixed false positives where CSS class names were detected as PayPal credentials.
                - Fixed false positives where event tracking strings were detected as private keys.
                - Fixed Private Key Content pattern to require actual key data after BEGIN header.

                ## Installation

                Download the appropriate binary for your platform and make it executable.

                For Go users:
                ```
                go install github.com/rafabd1/SecretHound/cmd/secrethound@latest
                ```

                ## Documentation

                See the [documentation](https://github.com/rafabd1/SecretHound/tree/main/docs) for usage details.