cuebook/cuelake

View on GitHub
.github/workflows/check_secrets.yml

Summary

Maintainability
Test Coverage
name: Checking secrets

on:  [push,  workflow_dispatch]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  git-secrets:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      - name: Running git secrets
        run: |
          echo Installing git-secrets
          (cd ../../; git clone https://github.com/awslabs/git-secrets.git; cd git-secrets; sudo make install)
          pwd
          git secrets --register-aws --global
          git config -l
          echo Runing git secrets
          secretsOutput="$(git secrets --scan-history 2>&1)"
          echo "$secretsOutput"
          echo ${{ github.event.base_ref }}
          echo ${{ github.event.before }}

          echo ---------------
          git branch
          ls 

          echo ---------------
          (cd ../; ls;)
          git secrets --scan-history

          echo Done running secrets
          if echo "$secretsOutput" | grep -c ERROR; then
            exit 1
          else
            exit 0
          fi


  slack-workflow-status:
    if: failure()
    name: Post Git Secrets Status To Slack
    needs:
      - git-secrets
    runs-on: ubuntu-latest
    steps:
      - name: Slack Workflow Notification
        uses: Gamesight/slack-workflow-status@master
        with:
          # Required Input
          repo_token: ${{secrets.GITHUB_TOKEN}}
          slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}}
          # Optional Input
          channel: '#webhook-calls'
          name: 'CueLake Secrets Workflow Failed'
          icon_url: 'https://avatars.githubusercontent.com/u/54435418?s=200&v=4'