From bedef8068a9a2e4538e69e93afa4e14124847c7d Mon Sep 17 00:00:00 2001
From: IlyasMoutawwakil
Date: Mon, 14 Oct 2024 13:48:07 +0200
Subject: [PATCH] intermediate env vars
---
 .github/workflows/security.yml | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index d105eac0..286a423d 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -2,40 +2,35 @@ name: Security Checks
 on:
 push:
- branches:
- - main
- pull_request:
- branches:
- - main
-
-concurrency:
- cancel-in-progress: true
- group: ${{ github.workflow }}-${{ github.ref }}
 permissions:
 contents: read
 jobs:
- secrets:
+ trufflehog:
 runs-on: ubuntu-latest
 steps:
- - name: Set up environment variables
- shell: bash
+ - shell: bash
 run: |
- if [ "${{ github.event_name }}" == "push" ]; then
- echo "depth=$(($(jq length <<< '${{ toJson(github.event.commits) }}') + 2))" >> $GITHUB_ENV
- echo "branch=${{ github.ref_name }}" >> $GITHUB_ENV
+ if [ "$EVENT_NAME" == "push" ]; then
+ echo "depth=$(($(jq length <<< '$COMMITS') + 2))" >> $GITHUB_ENV
+ echo "branch=$REF_NAME" >> $GITHUB_ENV
 fi
- if [ "${{ github.event_name }}" == "pull_request" ]; then
- echo "depth=$((${{ github.event.pull_request.commits }}+2))" >> $GITHUB_ENV
- echo "branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_ENV
+ if [ "$EVENT_NAME" == "pull_request" ]; then
+ echo "depth=$(($PR_COMMITS+2))" >> $GITHUB_ENV
+ echo "branch=$PR_REF" >> $GITHUB_ENV
 fi
+ env:
+ REF_NAME: ${{ github.ref_name }}
+ EVENT_NAME: ${{ github.event_name }}
+ COMMITS: ${{ toJson(github.event.commits) }}
+ PR_REF: ${{ github.event.pull_request.head.ref }}
+ PR_COMMITS: ${{ github.event.pull_request.commits }}
 - name: Checkout code
 uses: actions/checkout@v4
 with:
 ref: ${{env.branch}}
 fetch-depth: ${{env.depth}}
-
 - name: Scan for secrets
 uses: trufflesecurity/trufflehog@main
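Review bot: In the push branch of the `run` script, `'$COMMITS'` is left in single quotes, so the shell hands jq the literal text `$COMMITS` instead of the JSON from the new `env:` entry. jq then fails to parse it, and the arithmetic appears to fall back to a depth of 2 regardless of how many commits were pushed, which would leave a multi-commit push only partly fetched for the secret scan. Double quotes keep the injection fix and restore the count: `echo "depth=$(($(jq length <<< "$COMMITS") + 2))" >> "$GITHUB_ENV"`. The `pull_request` branch and the `PR_REF`/`PR_COMMITS` variables look unreachable now that the same commit removes the `pull_request` trigger, so they should either go or the trigger should be restored. The scan step continues outside the hunk and still uses `trufflesecurity/trufflehog@main`, a mutable ref that would be safer pinned to a commit SHA.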