wpmind/.forgejo/workflows/gitleaks.yml
wenpai ca1c4d79d3
Some checks failed
gitleaks 密钥泄露扫描 / gitleaks (push) Successful in 2s
WordPress 插件 CI / ci (push) Failing after 7s
ci: deploy shared CI workflows from WenPai-org/ci-workflows
- gitleaks: secret leakage scanning
- wp-plugin-ci/go-ci: lint & static analysis
- security-scan: dependency vulnerability check
- auto-label: automatic PR labeling
- stale-cleanup: stale issue/PR management
2026-05-04 19:05:00 +08:00

31 lines
926 B
YAML

name: gitleaks 密钥泄露扫描
on:
push:
branches: ['*']
pull_request:
branches: ['*']
jobs:
gitleaks:
runs-on: linux-arm64
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run gitleaks
run: |
if [ "$GITHUB_EVENT_NAME" = "push" ]; then
gitleaks detect --source=. --log-opts="$GITHUB_SHA~1..$GITHUB_SHA" --verbose --exit-code 1 || {
echo "::error::gitleaks 发现了潜在的密钥泄露!请检查上方输出并移除敏感信息。"
exit 1
}
else
gitleaks detect --source=. --verbose --exit-code 1 || {
echo "::error::gitleaks 发现了潜在的密钥泄露!请检查上方输出并移除敏感信息。"
exit 1
}
fi
echo "gitleaks 扫描通过,未发现密钥泄露。"