diff --git a/.gitguardian.yaml b/.gitguardian.yaml
index c418cc9071e..9b4d83d14ae 100644
--- a/.gitguardian.yaml
+++ b/.gitguardian.yaml
@@ -7,7 +7,7 @@ exit-zero: false # default: false
 verbose: false # default: false
-instance: https://api.gitguardian.com/
+instance: https://dashboard.gitguardian.com/
 # Maximum commits to scan in a hook.
 max-commits-for-hook: 50 # default: 50
diff --git a/.github/workflows/gg-shield-action.yaml b/.github/workflows/gg-shield-action.yaml
index f1b1d5001fc..14f02e71b29 100644
--- a/.github/workflows/gg-shield-action.yaml
+++ b/.github/workflows/gg-shield-action.yaml
@@ -10,6 +10,11 @@ on:
 # Publish `v1.2.3` tags as releases.
 tags:
 - v*
+ workflow_call:
+ secrets:
+ GITGUARDIAN_API_KEY:
+ description: 'API key for GitGuardian'
+ required: true
 jobs:
 scanning:
@@ -17,18 +22,16 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - name: Checkout
- uses: actions/checkout@v2.4.0
+ uses: actions/checkout@v3.5.1
 with:
 fetch-depth: 0 # fetch all history so multiple commits can be scanned
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: GitGuardian scan
- uses: GitGuardian/ggshield-action@v1.14.4
+ uses: GitGuardian/ggshield-action@v1.14.5
 with:
 args: --show-secrets --exit-zero --all-policies --verbose
+ GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
 env:
 GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
 GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
 GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
- GITHUB_DEFAULT_BRANCH: main
- GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
\ No newline at end of file
+ GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
\ No newline at end of file
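Review bot: In `.github/workflows/gg-shield-action.yaml`, no `permissions:` block appears in the visible lines, so once the workflow is callable through the new `workflow_call` trigger the `scanning` job runs with whatever `GITHUB_TOKEN` scope the caller grants. The job only reads history and hands the checkout to a third-party scan action, so a job-level `permissions:` with `contents: read` would cap the token for every caller. The top of the file and the line between this hunk and the next are outside this view, so confirm it is not already declared there.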
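Review bot: In the `GitGuardian scan` step the added `GITGUARDIAN_API_KEY` line sits between `args:` and `env:`, which puts it under `with:` (indentation is lost in this view, so this is read from position), while the copy under `env:` is removed. A container action receives `with:` values as `INPUT_*` variables, whereas ggshield reads the key from the `GITGUARDIAN_API_KEY` environment variable, so unless the action declares that input the scanner will not see the key. The step also passes `--exit-zero`, so check that a missing key fails the job instead of passing quietly. I would keep `GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}` under `env:` next to the `GITHUB_*` variables. Separately, both bumped `uses:` lines reference tags; pinning the third-party action that receives the key to a full commit SHA would make each bump reviewable.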