apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59777 Commits
2292 Branches
613 Tags
1.8 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 12.0.2-manual-backport-org-fix
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '12.0.2-manual-backport-org-fix'
${ noResults }
grafana/.github/workflows/reject-gh-secrets.yml

31 lines
917 B
Raw Permalink Blame History

name: Reject GitHub secrets
on:
pull_request:
types: [opened, synchronize, reopened]
push:
branches:
- main
- release-*
permissions: {}
jobs:
reject-gh-secrets:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Grep for secrets accesses
run: |
if grep -E '\$\{\{\s*secrets\s*\.\s*[a-zA-Z0-9_\-]+\s*\}\}' .github/workflows/*.yml | grep -vF 'secrets.GITHUB_TOKEN' | grep -vF '# nolint:reject-gh-secrets'; then
echo "Found secrets access in the codebase. Please remove it in favour of Vault secrets."
echo "If you are sure this is correct, add '# nolint:reject-gh-secrets' to the end of the line. Be VERY careful with this."
exit 1
fi