secrets/.gitea/workflows/scan.yml

---
name: Static Application Security Testing
run-name: ${{ gitea.actor }} is start check sources
on: [pull_request]

jobs:
  scan-secrets:
    name: Scan secrets
    runs-on: docker
    container:
      image: harbor.avroid.tech/devops/clang-format:14-node20
    steps:
      - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
      - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
      - name: Check out repository code
        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
        with:
          fetch-depth: 0 # for work tj-actions/changed-files
          persist-credentials: false # for work tj-actions/changed-files
      - name: Scan for secrets
        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Actions/gitleaks-docker-action.git@v1