Run detect-secrets with reviewdog
This action runs detect-secrets with reviewdog on pull requests to improve the code review experience.
Required. Must be in the form of github_token: ${{ secrets.github_token }}.
Optional. The directory from which to look for and run detect-secrets. Default '.'
Optional. Reviewdog filter mode [added, diff_context, file, nofilter]. It's the same as the -filter-mode flag of reviewdog.
Optional. If set to none, always use exit code 0 for reviewdog. Otherwise, exit code 1 for reviewdog if it finds at least 1 issue with severity greater than or equal to the given level. Possible values: [none, any, info, warning, error]. Default is none.
Deprecated, use fail_level instead. Whether reviewdog should fail when errors are found. [true,false] This is useful for failing CI builds in addition to adding comments when errors are found. It's the same as the -fail-on-error flag of reviewdog.
Optional. Report level for reviewdog [info,warning,error]. It's the same as the -level flag of reviewdog.
Reporter of reviewdog command [github-pr-check,github-pr-review,github-check]. Default is github-pr-check. github-pr-review can use Markdown and add a link to rule page in reviewdog reports.
Optional. Additional reviewdog flags.
Optional. Flags and args of detect-secrets command. The default is --all-files --force-use-all-plugins. This can be used to exclude paths, secrets or lines to ignore false positives.
Optional. The path to provide to the --baseline argument of the detect-secrets command. If provided, the baseline file will be updated with newly discovered secrets; otherwise it will be created. The default is empty, so the baseline is created or overwritten.
name: reviewdog
on: [pull_request]
jobs:
  detect-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: detect-secrets
        uses: reviewdog/action-detect-secrets@master
        with:
          reporter: github-pr-review # Change reporter.
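
A stricter variant of the usage workflow, added here as an example and not taken from the project's documentation: it restricts the job token, pins the action to a commit, fails the check on findings, and excludes a path. The permissions block, the <full-commit-sha> placeholder and the ^tests/fixtures/ pattern are assumptions; the input names are the ones used on this page.

```yaml
# Added example: hardened variant of the usage workflow (not the project's own).
name: reviewdog
on: [pull_request]

# Least privilege for the job token: read the code, write PR review comments
# (what the github-pr-review reporter needs).
permissions:
  contents: read
  pull-requests: write

jobs:
  detect-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: detect-secrets
        # Placeholder: pin to a reviewed full commit SHA instead of the
        # mutable master branch, so the code that receives the token cannot
        # change without a visible edit to this file.
        uses: reviewdog/action-detect-secrets@<full-commit-sha>
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          # Default is none (reviewdog always exits 0); any makes the check
          # fail as soon as one finding is reported.
          fail_level: any
          # Setting this input replaces the default value, so the default
          # flags are repeated and the exclusion appended. The path regex is
          # a constructed example for a directory of test fixtures.
          detect_secrets_flags: --all-files --force-use-all-plugins --exclude-files ^tests/fixtures/
```

Keep exclusions as narrow as possible: every excluded path is a place where a real secret will no longer be reported.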
Since the detect-secrets CLI can report false positives, you will likely have to configure it, either by using the detect_secrets_flags input to ignore them or by using inline comments. There are 4 filtering options to ignore false positives: