.github/workflows/secret.yaml

# Purpose: Run one or more secret scanners against the entire repo.

name: Run Secret Scan

on:
  push:
  workflow_dispatch:

jobs:
  gitleaks:
    name: Gitleaks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: Scan with Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  truffle:
    name: TruffleHog
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: Scan with TruffleHog
        uses: trufflesecurity/trufflehog@main
        with:
          extra_args: --no-verification
  truffle-enterprise:
    name: TruffleHog Enterprise
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # fetch all history so multiple commits can be scanned
      - name: Scan with TruffleHog Enterprise
        uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
        with:
            args: --fail-verified ${{ github.event.repository.default_branch }} HEAD