secrets-check.yml

name: Secrets Check

on:
  push:
    branches: [main]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Detect secrets in incoming commits with Talisman
        # Third-party action, pin to commit SHA!
        # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
        uses: carhartl/talisman-secrets-scan-action@702fc5c52170632a568124896148a80f38521ac4
      - name: Send status to Slack
        # Third-party action, pin to commit SHA!
        # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
        uses: lazy-actions/slatify@c4847b8c84e3e8076fd3c42cc00517a10426ed65
        if: ${{ failure() && env.SLACK_WEBHOOK_URL }}
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          type: ${{ job.status }}
          job_name: "Secrets scan :point_right:"
          mention: "here"
          mention_if: "failure"
          commit: true
          url: ${{ secrets.SLACK_WEBHOOK_URL }}
          token: ${{ secrets.GITHUB_TOKEN }}