configure autocomplete provider based on cody LLM settings in site config #502
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: TruffleHog Secrets Scan | |
| on: [pull_request] | |
| jobs: | |
| TruffleHog: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install TruffleHog | |
| run: | | |
| wget -q https://github.com/trufflesecurity/trufflehog/releases/download/v3.54.3/trufflehog_3.54.3_linux_amd64.tar.gz -O trufflehog.tar.gz | |
| sudo tar xzf trufflehog.tar.gz --directory=/usr/local/bin/ trufflehog | |
| - name: Run TruffleHog | |
| id: scan | |
| run: | | |
| output=$(/usr/local/bin/trufflehog git file://./ --since-commit main --branch HEAD --no-update --github-actions --only-verified) | |
| echo $output | |
| if grep -q "Found verified" <<< "${output}"; then | |
| echo "FOUND_SECRET=true" >> "${GITHUB_OUTPUT}" | |
| else | |
| echo "FOUND_SECRET=false" >> "${GITHUB_OUTPUT}" | |
| fi | |
| - name: Post to Slack | |
| if: ${{ steps.scan.outputs.FOUND_SECRET == 'true' }} | |
| uses: slackapi/slack-github-action@v1.23.0 | |
| with: | |
| payload: | | |
| { | |
| "text": "🚨 *A secret was detected in a GitHub commit in the repo ${{ github.repository }}.*\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "🚨 *A secret was detected in a GitHub commit in the repo ${{ github.repository }}.*\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.TRUFFLEHOG_SLACK_WEBHOOK_URL }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |