Merge pull request #327 from rashley-iqt/new-workflows

using custom secret scan action
IQTLabs · Feb 1, 2024 · fe8003b · fe8003b
2 parents a102046 + a8641c9
commit fe8003b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 48 deletions.
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -6,27 +6,17 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: scan
-      run: |
-        export DEBIAN_FRONTEND=noninteractive && \
-        echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections && \
-        sudo apt-get update && \
-        python3 -m pip install --upgrade pip && \
-        pip3 install whispers && \
-        mkdir /home/runner/reports/ && \
-        whispers --severity BLOCKER,CRITICAL -o /home/runner/reports/whispers.json -c ${GITHUB_WORKSPACE}/.github/workflows/config/whispers-config.yml ${GITHUB_WORKSPACE} && \
-        echo "::set-output name=found-count::$(wc -l /home/runner/reports/whispers.json | cut -d' ' -f1)"
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Scan for secrets
+      id: scan
+      uses: IQTLabs/workflows/secret-scan
+
     - name: Fail if found
-      if: steps.scan.outputs.found-count != 0
-      uses: actions/github-script@v7
+      if: steps.scan.outputs.verified-secrets != 0
+      uses: actions/github-script@v6
       with:
         script: |
-            echo {{steps.scan.outputs.found-count}} && \
+            core.info(`Number of verified secrets: ${{steps.scan.outputs.verified-secrets}}`)
+            core.info(`Number of unverified secrets: ${{steps.scan.outputs.unverified-secrets}}`)
             core.setFailed('Secrets found. Please check the uploaded report')
-    - name: Upload scan reports
-      uses: actions/upload-artifact@v4.3.0
-      if: failure()
-      with:
-        name: whispers-report
-        path: /home/runner/reports/whispers.json
diff --git a/poetry.lock b/poetry.lock