Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
shield

GitHub Action

Run detect-secrets with reviewdog

v0.4.3

Run detect-secrets with reviewdog

shield

Run detect-secrets with reviewdog

🐶 Run detect-secrets with reviewdog on pull requests to improve code review experience

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Run detect-secrets with reviewdog

uses: reviewdog/action-detect-secrets@v0.4.3

Learn more about this action in reviewdog/action-detect-secrets

Choose a version

GitHub Action: Run detect-secrets with reviewdog

This action runs detect-secrets with reviewdog on pull requests to improve code review experience.

detect-secrets-1

Inputs

github_token

Required. Must be in form of github_token: ${{ secrets.github_token }}'.

workdir

Optional. The directory from which to look for and run detect-secrets. Default '.'

filter_mode

Optional. Reviewdog filter mode [added, diff_context, file, nofilter] It's the same as the -filter-mode flag of reviewdog.

fail_on_error

Whether reviewdog should fail when errors are found. [true,false] This is useful for failing CI builds in addition to adding comments when errors are found. It's the same as the -fail-on-error flag of reviewdog.

level

Optional. Report level for reviewdog [info,warning,error]. It's same as -level flag of reviewdog.

reporter

Reporter of reviewdog command [github-pr-check,github-pr-review,github-check]. Default is github-pr-check. github-pr-review can use Markdown and add a link to rule page in reviewdog reports.

reviewdog_flags

Optional. Additional reviewdog flags.

detect_secrets_flags

Optional. Flags and args of detect-secrets command. The default is --all-files --force-use-all-plugins.

Example usage

name: reviewdog
on: [pull_request]
jobs:
  detect-secrets:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: detect-secrets
      uses: reviewdog/action-detect-secrets@master
      with:
        github_token: ${{ secrets.github_token }}
        reporter: github-pr-review # Change reporter.

Troubleshooting

False positives

It is possible to disable detection for individual lines of code in case of false positives. To do this, add a comment at the end of the line with text pragma: allowlist secret.

public_key: |  # pragma: allowlist secret
    gX69YO4CvBsVjzAwYxdG
    yDd30t5+9ez31gKATtj4

Or add a comment with the text pragma: allowlist nextline secret before the line.

# pragma: allowlist nextline secret
public_key = gX69YO4CvBsVjzAwYxdG