This action runs detect-secrets with reviewdog on pull requests to improve code review experience.
## Inputs

### `github_token`

Required. Must be in the form `github_token: ${{ secrets.github_token }}`.
### `workdir`

Optional. The directory from which to look for and run detect-secrets. Default `.`.
### `filter_mode`

Optional. Reviewdog filter mode [added, diff_context, file, nofilter].
It is the same as the `-filter-mode` flag of reviewdog. reviewdog's default, `added`, reports only findings on lines the pull request adds, so a secret that was already committed before the pull request is not surfaced; use `nofilter` if you want every finding of the scan reported.
### `fail_on_error`

Optional. Whether reviewdog should fail when errors are found [true, false].
This is useful for failing CI builds in addition to adding comments when errors are found; without it a detected secret only produces a comment or annotation and the job still succeeds.
It is the same as the `-fail-on-error` flag of reviewdog.
### `level`

Optional. Report level for reviewdog [info, warning, error].
It is the same as the `-level` flag of reviewdog.
### `reporter`

Optional. Reporter of the reviewdog command [github-pr-check, github-pr-review, github-check]. Default is `github-pr-check`. `github-pr-review` can use Markdown and adds a link to the rule page in reviewdog reports.
### `reviewdog_flags`

Optional. Additional reviewdog flags.
### `detect_secrets_flags`

Optional. Flags and args of the detect-secrets command.
The default is `--all-files --force-use-all-plugins`.
### `baseline`

Optional. The path to pass to the `--baseline` argument of the detect-secrets command.
If provided, that baseline file is updated with newly discovered secrets; entries already in the baseline are treated as known and are not reported as new, so review additions with `detect-secrets audit` before committing the updated file. If not provided, a baseline is created from scratch (overwriting any existing one) on every run.
The default is empty.
## Example usage

```yaml
name: reviewdog
on: [pull_request]
permissions:
  contents: read
  # github-pr-review needs pull-requests: write; github-pr-check and
  # github-check need checks: write instead.
  pull-requests: write
jobs:
  detect-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: detect-secrets
        # @master is a moving target; pin to a release tag or commit SHA in production.
        uses: reviewdog/action-detect-secrets@master
        with:
          reporter: github-pr-review # Change reporter.
```
## Disabling detection for a line

It is possible to disable detection for individual lines of code in case of false positives.
To do this, add a comment at the end of the line with the text `pragma: allowlist secret`. Because a pragma silently suppresses a finding, reviewers should give a newly added pragma the same scrutiny as the value it hides.
```yaml
public_key: | # pragma: allowlist secret
  gX69YO4CvBsVjzAwYxdG
  yDd30t5+9ez31gKATtj4
```
Or add a comment with the text `pragma: allowlist nextline secret` on the line before it.
```python
# pragma: allowlist nextline secret
public_key = "gX69YO4CvBsVjzAwYxdG"
```
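The two pragma forms above and the baseline behaviour described under `baseline` both decide which findings a reviewer never sees, so it helps to be able to list them. The following is an added example, not code from reviewdog/action-detect-secrets or from detect-secrets itself: it re-implements a simplified version of the two pragma rules (assumption: only `#` and `//` comment markers, whereas the real scanner also understands other comment syntaxes) including the YAML block-scalar case from the first example, and it triages a `.secrets.baseline` JSON for entries that were never given an `is_secret` verdict by `detect-secrets audit`. All sample inputs are constructed.

```python
"""Review helpers for detect-secrets allowlist pragmas and baseline files.

Added example; not part of reviewdog/action-detect-secrets or detect-secrets.
"""
import json
import re

# Simplified matcher for "pragma: allowlist secret" and
# "pragma: allowlist nextline secret" (assumption: '#' and '//' comments only).
_PRAGMA = re.compile(
    r"(#|//)\s*pragma:\s*allowlist(?P<nextline>\s+nextline)?[ -]secret\b"
)
# "key: |" or "key: >" before the comment: a YAML block scalar whose value
# continues on the following, more indented lines.
_BLOCK_SCALAR = re.compile(r":\s*[|>][-+]?\s*$")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def allowlisted_lines(text):
    """Map 1-based line numbers to the reason a scan would skip them.

    - an inline pragma suppresses the line it is on and, for a YAML block
      scalar, the indented continuation lines that carry the value;
    - a nextline pragma suppresses only the following line.
    """
    lines = text.splitlines()
    skipped = {}
    for idx, line in enumerate(lines, start=1):
        m = _PRAGMA.search(line)
        if not m:
            continue
        if m.group("nextline"):
            if idx < len(lines):
                skipped[idx + 1] = "nextline pragma on line %d" % idx
            continue
        skipped[idx] = "inline pragma"
        if _BLOCK_SCALAR.search(line[: m.start()]):
            base = _indent(line)
            for j in range(idx + 1, len(lines) + 1):
                nxt = lines[j - 1]
                if not nxt.strip():
                    continue  # blank lines do not end a block scalar
                if _indent(nxt) <= base:
                    break
                skipped[j] = "block scalar under pragma on line %d" % idx
    return skipped


def unaudited_findings(baseline_json):
    """Return (filename, line_number, type) for baseline entries that carry no
    ``is_secret`` verdict, i.e. results never reviewed with
    ``detect-secrets audit``. Once the updated baseline is committed these
    silently become "known" and are not reported again."""
    data = json.loads(baseline_json)
    todo = []
    for filename, results in data.get("results", {}).items():
        for r in results:
            if "is_secret" not in r:
                todo.append((filename, r["line_number"], r["type"]))
    return sorted(todo)


# Constructed sample inputs (no real secrets): the page's two examples plus
# lines without a pragma, which must still be scanned.
SAMPLE_YAML = """\
db_password: hunter2hunter2hunter2
public_key: | # pragma: allowlist secret
  gX69YO4CvBsVjzAwYxdG
  yDd30t5+9ez31gKATtj4
next_key: not-suppressed
"""

SAMPLE_PY = """\
api_token = "not-a-real-token-1"
# pragma: allowlist nextline secret
public_key = "gX69YO4CvBsVjzAwYxdG"
other_key = "not-a-real-token-2"
"""

# Constructed .secrets.baseline fragment: one entry has been audited
# (is_secret: false), the other two have not.
SAMPLE_BASELINE = json.dumps({
    "version": "1.4.0",
    "results": {
        "config/app.yml": [
            {"type": "Secret Keyword", "filename": "config/app.yml",
             "hashed_secret": "0" * 40, "is_verified": False, "line_number": 1},
            {"type": "Base64 High Entropy String", "filename": "config/app.yml",
             "hashed_secret": "1" * 40, "is_verified": False, "line_number": 3,
             "is_secret": False},
        ],
        "src/client.py": [
            {"type": "AWS Access Key", "filename": "src/client.py",
             "hashed_secret": "2" * 40, "is_verified": False, "line_number": 1},
        ],
    },
})

if __name__ == "__main__":
    for name, text in (("app.yml", SAMPLE_YAML), ("client.py", SAMPLE_PY)):
        for lineno, why in sorted(allowlisted_lines(text).items()):
            content = text.splitlines()[lineno - 1].strip()
            print("%s:%d skipped (%s): %s" % (name, lineno, why, content))
    for filename, lineno, kind in unaudited_findings(SAMPLE_BASELINE):
        print("unaudited: %s:%d %s" % (filename, lineno, kind))
```

Run it over a checkout before reviewing a pull request that touches the baseline or adds pragmas: every line it prints is one the scanner will stay silent about, and the `unaudited:` entries are the ones that still need a human verdict before the baseline is committed.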