on: pull_request: types: [opened, reopened, synchronize] pull_request_review_comment: types: [created, edited, deleted] name: Metomic Scan jobs: scan-secrets: name: Scan For Secrets runs-on: ubuntu-latest steps: - name: checkout-repo uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} - name: authenticate-with-metomic id: authenticate continue-on-error: ${{ vars.METOMIC_FAIL_ON_CONNECTION_ERROR != 'TRUE' }} run: | curl -s --location --request GET '${{ vars.METOMIC_INTEGRATION_ENDPOINT }}/token' --header 'X-API-Key: ${{ secrets.METOMIC_API_TOKEN }}' -o .metomic_token.json echo METOMIC_ACCESS_TOKEN=$(cat .metomic_token.json | jq -r -c '.accessToken') >> $GITHUB_OUTPUT PASS=$(cat .metomic_token.json | jq -r -c '.accessToken // empty') if [ -z "$PASS" ]; then cat .metomic_token.json echo "" echo "FAIL: failed to fetch auth token from Metomic. Ensure required organisation variables / secrets are set correctly. METOMIC_INTEGRATION_ENDPOINT, METOMIC_API_TOKEN" echo "The correct values for these variables are available from the installations page of the Metomic dashboard" exit 1 fi - name: checkout-metomic-action id: checkout uses: actions/checkout@v3 if: ${{ steps.authenticate.outcome == 'success' }} continue-on-error: ${{ vars.METOMIC_FAIL_ON_CONNECTION_ERROR != 'TRUE' }} with: repository: metomic/metomic-github-integration-action.git path: "./.metomic" ref: "main" token: ${{ steps.authenticate.outputs.METOMIC_ACCESS_TOKEN }} - name: scan uses: ./.metomic/.github/actions/scan-secrets if: ${{ steps.authenticate.outputs.METOMIC_ACCESS_TOKEN && steps.checkout.outcome == 'success' }} with: metomic_endpoint: ${{ vars.METOMIC_INTEGRATION_ENDPOINT }} metomic_api_token: ${{ secrets.METOMIC_API_TOKEN }} head_ref: ${{ github.event.pull_request.head.sha }}