In Actions, use the same secrets detection as recommended in the README

NASA-PDS · Feb 13, 2025 · 4a60319 · 4a60319
1 parent afe3c09
commit 4a60319
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/secrets-detection.yaml b/.github/workflows/secrets-detection.yaml
@@ -45,7 +45,7 @@ jobs:
 
                     # find the secrets in the repository
                     detect-secrets scan --disable-plugin AbsolutePathDetectorExperimental --baseline .secrets.new \
-                        --exclude-files '\.secrets..*' \
+                        --exclude-files '\.secrets\..*' \
                         --exclude-files '\.git.*' \
                         --exclude-files '\.pre-commit-config\.yaml' \
                         --exclude-files '\.mypy_cache' \
@@ -55,7 +55,9 @@ jobs:
                         --exclude-files 'venv' \
                         --exclude-files 'dist' \
                         --exclude-files 'build' \
-                        --exclude-files '.*\.egg-info'
+                        --exclude-files '.*\.egg-info' \
+                        --exclude-files '.*\.tfstate' \
+                        --exclude-files '.*\.tfvars'
 
                     # if there is any difference between the known and newly detected secrets, break the build
                     # Function to compare secrets without listing them