Create msdo-gitleaks.yml

Adding in gitleaks workflow based on my msdo-reusable.yml file

Author: theangrytech-git

.github/workflows/msdo-gitleaks.yml

@@ -0,0 +1,41 @@
+name: msdo-gitleaks-reusable
+
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      branch:
+        required: false
+        type: string
+        default: 'main'
+    secrets:
+      GH_TOKEN:
+        required: false
+
+jobs:
+  gitleaks-scan:
+    name: Gitleaks Secret Scan
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ inputs.branch }}
+
+      - name: Run Gitleaks
+        id: gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        with:
+          args: detect --source=. --report-format sarif --report-path=gitleaks.sarif
+
+      - name: Upload SARIF to GitHub Code Scanning
+        if: github.repository_visibility == 'public'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: gitleaks.sarif