scan-repository.yaml
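# Scans the repository's full git history for committed secrets.
# Runs on weekday mornings and on manual dispatch; a failed run is
# reported to a Slack channel through an incoming webhook.
name: 'Scan repository'

on:
  schedule:
    # 09:00 Monday to Friday (GitHub evaluates cron schedules in UTC)
    - cron: '0 9 * * MON-FRI'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the steps visible in this file only read
# the repository. Without this block the token falls back to the repository
# or organisation default, which may be read/write.
# NOTE(review): ./.github/actions/scan-secrets is not shown here; add a
# scope only if that action proves to need one.
permissions:
  contents: read

jobs:
  scan-secrets:
    name: 'Scan secrets'
    runs-on: ubuntu-latest
    timeout-minutes: 2
    steps:
      # Actions from other repositories are pinned to a full commit SHA; the
      # trailing comment records the tag that SHA was taken from.
      - name: 'Checkout code'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0 # Full history is needed to scan all commits
          # Do not leave the job token in .git/config for later steps to read.
          # NOTE(review): assumes the scan action performs no authenticated
          # git operations of its own; confirm against the action.
          persist-credentials: false

      # Local composite action taken from the checked-out tree.
      - name: 'Scan secrets'
        uses: ./.github/actions/scan-secrets

      # Runs only when an earlier step in this job failed.
      # The webhook URL is a credential: keep it in secrets and never echo it.
      # The payload interpolates only github.* context values set by the
      # repository and the run itself. The triggers are schedule and
      # workflow_dispatch, so no contributor-supplied text (branch names,
      # titles) reaches the payload; re-check this if triggers are added.
      - name: 'Notify slack'
        if: ${{ failure() }}
        uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_DEV_NOTIFICATIONS_URL }}
          webhook-type: incoming-webhook
          payload: |
            blocks:
              - type: section
                text:
                  type: mrkdwn
                  text: ":warning: Repository scan failed:"
              - type: section
                fields:
                  - type: mrkdwn
                    text: |-
                      *Workflow:*
                      <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>
                  - type: mrkdwn
                    text: |-
                      *Job:*
                      ${{ github.job }}
                  - type: mrkdwn
                    text: |-
                      *Repo:*
                      ${{ github.repository }}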