changed token for git publish #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Secrets Scan | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
security-secrets: | |
runs-on: ubuntu-latest | |
if: ${{ github.base_ref == 'main' || github.base_ref == 'master' }} | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Install Expect, jq and Python | |
run: sudo apt-get update --fix-missing && sudo apt-get install -y expect jq python3 python3-pip wkhtmltopdf | |
- name: Install Python packages | |
run: pip install pandas json2html tabulate | |
- name: Install Talisman | |
run: | | |
curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/v1.32.0/install.sh > install.bash | |
chmod +x install.bash | |
./install.bash | |
- name: Run Talisman | |
id: run_talisman | |
run: /usr/local/bin/talisman --scan | |
continue-on-error: true | |
- name: Convert JSON to HTML | |
run: | | |
python3 -c " | |
import json | |
import os | |
from json2html import * | |
with open('talisman_report/talisman_reports/data/report.json') as f: | |
data = json.load(f) | |
html = json2html.convert(json = data) | |
os.makedirs('talisman_html_report', exist_ok=True) | |
with open('talisman_html_report/report.html', 'w') as f: | |
f.write(html) | |
" && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf | |
- name: Upload Report | |
id: upload_report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: talisman-report-pdf | |
path: talisman_report.pdf | |
- name: Check the status of talisman scan | |
run: | | |
# if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi | |
echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}"; |