wp-woocommerce-pay/.forgejo/workflows/gitleaks.yml

name: gitleaks 密钥泄露扫描

on:
  push:
    branches: ['*']
  pull_request:
    branches: ['*']

jobs:
  gitleaks:
    runs-on: linux-arm64
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run gitleaks
        run: |
          if [ "$GITHUB_EVENT_NAME" = "push" ]; then
            gitleaks detect --source=. --log-opts="$GITHUB_SHA~1..$GITHUB_SHA" --verbose --exit-code 1 || {
              echo "::error::gitleaks 发现了潜在的密钥泄露！请检查上方输出并移除敏感信息。"
              exit 1
            }
          else
            gitleaks detect --source=. --verbose --exit-code 1 || {
              echo "::error::gitleaks 发现了潜在的密钥泄露！请检查上方输出并移除敏感信息。"
              exit 1
            }
          fi
          echo "gitleaks 扫描通过，未发现密钥泄露。"