From 80f492d17a88a44b428276b5c0f85c5fbd3c0b1a Mon Sep 17 00:00:00 2001
From: Andy Wu
Date: Fri, 12 Apr 2024 13:31:44 -0700
Subject: [PATCH] [fix] properly pass secrets from caller to reusable workflow
---
 .github/workflows/reusable-secrets-scanning.yml | 12 ++++++++++--
 .github/workflows/secrets-scanning.yml | 1 +
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/reusable-secrets-scanning.yml b/.github/workflows/reusable-secrets-scanning.yml
index 9651fb9..d97953a 100644
--- a/.github/workflows/reusable-secrets-scanning.yml
+++ b/.github/workflows/reusable-secrets-scanning.yml
@@ -10,6 +10,11 @@ on:
 required: false
 type: number
 default: 2
+ secrets:
+ SLACK_BOT_TOKEN:
+ required: true
+ SLACK_CHANNEL_ID_GITHUB_NOTIFICATION:
+ required: true
 jobs:
 SecurityScan:
@@ -37,14 +42,17 @@ jobs:
 channel-id: ${{ secrets.SLACK_CHANNEL_ID_GITHUB_NOTIFICATION }}
 payload: |
 {
- "text": "${{ github.repository }}: API Integration Tests have been completed. Check the results at github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+ "text": "TruffleHog scan detected secrets in ${{
+ github.repository }}. Please review the action logs.",
 "blocks": [
 { "type": "divider" },
 {
 "type": "section",
 "text": {
 "type": "mrkdwn",
- "text":"${{ github.repository }}: TruffleHog scan found secrets in the repository. Check the results at github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+ "text": "🚨 *Alert:* TruffleHog detected secrets in ${{
+ github.repository }}. [View details](https://github.com/${{
+ github.repository }}/actions/runs/${{ github.run_id }})"
 }
 }
 ]
diff --git a/.github/workflows/secrets-scanning.yml b/.github/workflows/secrets-scanning.yml
index 29f3b3a..ab586f5 100644
--- a/.github/workflows/secrets-scanning.yml
+++ b/.github/workflows/secrets-scanning.yml
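Review bot: The two secrets added under `workflow_call` in `reusable-secrets-scanning.yml` have no `description`, so a caller cannot tell what each one is for or how narrowly the bot token should be scoped. Add, for example, `description: Slack bot token used only to post scan alerts` under `SLACK_BOT_TOKEN`, and an equivalent line for the channel id. Because both are `required: true`, any caller that does not pass them will be rejected. Only `secrets-scanning.yml` is updated in this patch, so other callers of this reusable workflow, if there are any, should be checked. The `on:` block starts outside the hunk.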
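Review bot: The new `mrkdwn` section text in the Slack payload uses Markdown link syntax, `[View details](https://github.com/…)`, which Slack does not render as a link. Slack expects `<url|label>`, so the last added line should read `<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View details>`. The top-level fallback `text` also no longer carries the run URL, so clients that show only the fallback lose the pointer to the run; consider keeping `github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}` there. The added lines wrap inside `${{ … }}` within a `payload: |` literal block, so it is worth confirming on a test run that the rendered payload is still valid single-line JSON strings. The step this payload belongs to starts outside the hunk.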
@@ -15,3 +15,4 @@ jobs:
 branch: ${{ github.ref_name }}
 secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+ SLACK_CHANNEL_ID_GITHUB_NOTIFICATION: ${{ secrets.SLACK_CHANNEL_ID_GITHUB_NOTIFICATION }}
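Review bot: Nothing near the added `SLACK_CHANNEL_ID_GITHUB_NOTIFICATION` line records that these values are empty when the workflow runs for a pull request from a fork, where repository secrets are not provided. If this caller has such a trigger (its `on:` block is outside the hunk), the Slack step in the reusable workflow cannot post, and a finding would surface only as a failed run. A comment above `secrets:` such as `# Slack secrets are unavailable on fork PR runs; alerts are only posted for trusted triggers` would make that explicit. Passing the two secrets by name rather than with `secrets: inherit` keeps the reusable workflow's access narrow and is worth keeping.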