ci(workflow): Add secrets check workflow

guanguans · guanguans · commit 82849c9d63e7 · 2025-04-05T14:09:22.000+08:00
- Introduce a GitHub Actions workflow for secrets scanning
- Trigger on workflow dispatch, pull requests, and pushes
- Use TruffleHog for secret scanning with debug options
- Ensure the latest code is checked out before scanning
diff --git a/.github/workflows/secret-check.yml b/.github/workflows/secret-check.yml
@@ -0,0 +1,23 @@
+name: secrets check
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+
+jobs:
+  security-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # ref: ${{ github.ref_name }}
+          fetch-depth: 0
+      - name: Secret Scanning
+        uses: trufflesecurity/trufflehog@v3
+        with:
+          # path: ./
+          # base: ${{ github.event.repository.default_branch }}
+          # head: ${{ github.ref_name }}
+          extra_args: --debug --only-verified --results=verified,unknown
