test(actions): add secret scanner.

pabroux · web-flow · commit 8fa11f280da0 · 2025-02-20T12:11:28.000+01:00
diff --git a/.github/workflows/secret_scanner.yml b/.github/workflows/secret_scanner.yml
@@ -0,0 +1,20 @@
+name: Secret scanner
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+permissions:
+  contents: read
+jobs:
+  secret-scanner:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+      - name: Scan secrets in commits
+        run: nix shell nixpkgs#gitleaks --command gitleaks git --no-banner --verbose
+      - name: Scan secrets in files
+        run: nix shell nixpkgs#gitleaks --command gitleaks dir --no-banner --verbose
