GitHub Action
Run detect-secrets with reviewdog
This action runs detect-secrets with reviewdog on pull requests to improve code review experience.
Required. Must be in form of github_token: ${{ secrets.github_token }}
'.
Optional. The directory from which to look for and run detect-secrets. Default '.'
Optional. Reviewdog filter mode [added, diff_context, file, nofilter]
It's the same as the -filter-mode
flag of reviewdog.
Whether reviewdog should fail when errors are found. [true,false]
This is useful for failing CI builds in addition to adding comments when errors are found.
It's the same as the -fail-on-error
flag of reviewdog.
Optional. Report level for reviewdog [info,warning,error].
It's same as -level
flag of reviewdog.
Reporter of reviewdog command [github-pr-check,github-pr-review,github-check]. Default is github-pr-check. github-pr-review can use Markdown and add a link to rule page in reviewdog reports.
Optional. Additional reviewdog flags.
Optional. Flags and args of detect-secrets command. The default is --all-files --force-use-all-plugins
.
This can be used to exclude paths, secrets or lines to ignore false positives.
Optional. The path to provide to --baseline
argument of detect-secrets command.
If provided, the baseline file will be updated with newly discovered secrets, otherwise it will be created.
The default is empty, so baseline created or overwritten.
name: reviewdog
on: [pull_request]
jobs:
detect-secrets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: detect-secrets
uses: reviewdog/action-detect-secrets@master
with:
reporter: github-pr-review # Change reporter.
Since the detect-secrets CLI can report false positives, it is likely you will have to configure it by using the detect_secrets_flags
input to ignore any or use inline comments. There are 4 filtering options to ignore false positives: