Update msdo-trufflehog.yml

Author: theangrytech-git

.github/workflows/msdo-trufflehog.yml

@@ -34,14 +34,14 @@ jobs:
         if: github.repository_visibility == 'public' && success()
         run: |
           pip install sarif-tools
-          python3 -c """
-          import json
+          cat <<EOF > convert_to_sarif.py
+import json
 
 with open('trufflehog-findings.json') as f:
   findings = json.load(f)
 
-  sarif = {
-'version': '2.1.0',
+sarif = {
+  'version': '2.1.0',
   'runs': [{
     'tool': {
       'driver': {
@@ -79,25 +79,23 @@ for finding in findings:
 
 with open('trufflehog.sarif', 'w') as out:
   json.dump(sarif, out)
-"""
+EOF
+          python3 convert_to_sarif.py
 
       - name: Upload TruffleHog SARIF to GitHub Code Scanning
         if: github.repository_visibility == 'public' && success()
         run: |
           gzip -c trufflehog.sarif | base64 -w 0 > trufflehog.sarif.base64
           encoded_sarif=$(cat trufflehog.sarif.base64)
 
-          curl -s -X POST \
+          echo '{
+            "commit_sha": "'"${{ github.sha }}"'",
+            "ref": "'"${{ github.ref }}"'",
+            "sarif": "'$encoded_sarif'",
+            "checkout_uri": "https://github.com/${{ github.repository }}",
+            "tool_name": "TruffleHog"
+          }' | curl -s -X POST \
             -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
             -H "Accept: application/vnd.github+json" \
             -H "Content-Type: application/json" \
-            https://api.github.com/repos/${{ github.repository }}/code-scanning/sarifs \
-            -d @- <<EOF
-          {
-            "commit_sha": "${{ github.sha }}",
-            "ref": "${{ github.ref }}",
-            "sarif": "$encoded_sarif",
-            "checkout_uri": "https://github.com/${{ github.repository }}",
-            "tool_name": "TruffleHog"
-          }
-EOF
+            https://api.github.com/repos/${{ github.repository }}/code-scanning/sarifs