Update secret.yaml

james-garriss · Feb 19, 2024 · 44a4609 · 44a4609
1 parent f2ba8e8
commit 44a4609
Showing 1 changed file with 72 additions and 60 deletions.
diff --git a/.github/workflows/secret.yaml b/.github/workflows/secret.yaml
@@ -7,67 +7,79 @@ on:
   workflow_dispatch:
 
 jobs:
-  gitleaks:
-    name: Gitleaks
+  trufflehog-ml:
+    name: TruffleHog from MegaLinter
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
-      - name: Scan with Gitleaks
-        uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  truffle:
-    name: TruffleHog
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v4
-      - name: Scan with TruffleHog
-        uses: trufflesecurity/trufflehog@main
-        with:
-          base: ""
-          head: ${{ github.ref_name }}
-          extra_args: --no-verification
-  truffle-install:
-    name: TruffleHog Installation
-    runs-on: Ubnuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name : Installing secret-scanning tool
-        run : |
-          pip3 install truffleHog
-          truffleHog --regex --entropy=False .
-  truffle-enterprise:
-    name: TruffleHog Enterprise
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # fetch all history so multiple commits can be scanned
-      - name: Scan with TruffleHog Enterprise
-        uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
-        with:
-            args: --fail-verified ${{ github.event.repository.default_branch }} HEAD
-  truffle-cli:
-    name: TruffleHog CLI
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # fetch all history so multiple commits can be scanned
-      - name: TruffleHog OSS 
-        id: trufflehog 
-        uses: trufflesecurity/trufflehog@add-actions-cli-switch 
-        continue-on-error: true 
-        with: 
-          path: ./ 
-          base: "${{ github.event.repository.default_branch }}" 
-          head: HEAD 
-          extra_args: --debug --only-verified 
-      - name: Scan Results Status 
-        if: steps.trufflehog.outcome == 'failure' 
-        run: exit 1
+      - name: Lint YAML
+        uses: oxsecurity/megalinter/flavors/ci_light@latest
+
+  # gitleaks:
+  #   name: Gitleaks
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout Repo
+  #       uses: actions/checkout@v4
+  #     - name: Scan with Gitleaks
+  #       uses: gitleaks/gitleaks-action@v2
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # truffle:
+  #   name: TruffleHog
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout Repo
+  #       uses: actions/checkout@v4
+  #     - name: Scan with TruffleHog
+  #       uses: trufflesecurity/trufflehog@main
+  #       with:
+  #         base: ""
+  #         head: ${{ github.ref_name }}
+  #         extra_args: --no-verification
+  # truffle-install:
+  #   name: TruffleHog Installation
+  #   runs-on: Ubnuntu-latest
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #     - name : Installing secret-scanning tool
+  #       run : |
+  #         pip3 install truffleHog
+  #         truffleHog --regex --entropy=False .
+  # truffle-enterprise:
+  #   name: TruffleHog Enterprise
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         fetch-depth: 0 # fetch all history so multiple commits can be scanned
+  #     - name: Scan with TruffleHog Enterprise
+  #       uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
+  #       with:
+  #           args: --fail-verified ${{ github.event.repository.default_branch }} HEAD
+  # truffle-cli:
+  #   name: TruffleHog CLI
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         fetch-depth: 0 # fetch all history so multiple commits can be scanned
+  #     - name: TruffleHog OSS 
+  #       id: trufflehog 
+  #       uses: trufflesecurity/trufflehog@add-actions-cli-switch 
+  #       continue-on-error: true 
+  #       with: 
+  #         path: ./ 
+  #         base: "${{ github.event.repository.default_branch }}" 
+  #         head: HEAD 
+  #         extra_args: --debug --only-verified 
+  #     - name: Scan Results Status 
+  #       if: steps.trufflehog.outcome == 'failure' 
+  #       run: exit 1