gitguardian.yml

This is a generic GitHub Actions script for GitGuardian credential exposure scanning.

Author: killshot13

.github/workflows/gitguardian.yml

@@ -0,0 +1,36 @@
+# This is a generic GitHub Actions script for GitGuardian credential exposure scanning.
+
+name: gitguardian
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on all pull request events and all pushes to the master branch
+  push:
+    branches: [ master ]
+  pull_request:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job named "gitguardian"
+  gitguardian:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: checkout
+        # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0 # fetch all history so multiple commits can be scanned
+      - name: scan
+        uses: GitGuardian/gg-shield-action@master
+        env:
+          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+          GITHUB_PULL_BASE_SHA:  ${{ github.event.pull_request.base.sha }}
+          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
+            # Runs a single command using the runners shell
+      - name: alert
+        run: echo Scan is complete!
+