From 6165964abafd9d1098ec0c907ea165225b53c44e Mon Sep 17 00:00:00 2001
From: Kirill Kramorov
Date: Wed, 18 Sep 2024 16:35:19 +0700
Subject: [PATCH] [feat] add trufflehog
Signed-off-by: Kirill Kramorov
---
.github/workflow_templates/trufflehog.yml | 17 ++++++++++++-----
.github/workflows/trufflehog.yml | 17 ++++++++++++-----
2 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/.github/workflow_templates/trufflehog.yml b/.github/workflow_templates/trufflehog.yml
index 5842c7d40..9f9cc0761 100644
--- a/.github/workflow_templates/trufflehog.yml
+++ b/.github/workflow_templates/trufflehog.yml
@@ -17,18 +17,25 @@ on: push: branches: - main - - feat/add-gitleaks pull_request: jobs: - test: + TruffleHog: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Secret Scanning - uses: trufflesecurity/trufflehog@main + - name: TruffleHog OSS + id: trufflehog + uses: trufflesecurity/trufflehog@add-actions-cli-switch + continue-on-error: true with: - extra_args: --only-verified + path: ./ + base: "${{ github.event.repository.default_branch }}" + head: HEAD + extra_args: --debug --only-verified + - name: Scan Results Status + if: steps.trufflehog.outcome == 'failure' + run: exit 1
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
index e1aae5abf..a794b7e72 100644
--- a/.github/workflows/trufflehog.yml
+++ b/.github/workflows/trufflehog.yml
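Review bot: The added `uses: trufflesecurity/trufflehog@add-actions-cli-switch` resolves to a mutable branch of a third-party action, so any later push to that branch changes the code that runs in this job, which has the full repository history checked out via `fetch-depth: 0`. Pin the action to a full commit SHA and keep the readable ref as a trailing comment, e.g. `uses: trufflesecurity/trufflehog@<full-commit-sha>  # <reviewed-tag>` (placeholders; use the upstream revision you have actually reviewed). The same line is added in the `.github/workflows/trufflehog.yml` hunk. Both hunks start below the top of the file, so it is not visible whether the workflow declares a `permissions:` block; if it does not, a top-level block limited to `contents: read` would keep the job token read-only for this scan.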
@@ -21,18 +21,25 @@ on: push: branches: - main - - feat/add-gitleaks pull_request: jobs: - test: + TruffleHog: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Secret Scanning - uses: trufflesecurity/trufflehog@main + - name: TruffleHog OSS + id: trufflehog + uses: trufflesecurity/trufflehog@add-actions-cli-switch + continue-on-error: true with: - extra_args: --only-verified + path: ./ + base: "${{ github.event.repository.default_branch }}" + head: HEAD + extra_args: --debug --only-verified + - name: Scan Results Status + if: steps.trufflehog.outcome == 'failure' + run: exit 1
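Review bot: On the `push` trigger for `main`, `base: "${{ github.event.repository.default_branch }}"` and `head: HEAD` likely resolve to the same commit, which would leave the scanner an empty range, so commits that land directly on the default branch may not be scanned at all; this should be confirmed against the action's documentation for the pinned revision. Setting the range per event would close that gap, for example `base: ${{ github.event.before }}` on push, or leaving `base`/`head` unset if the action version in use derives them from the event payload. Separately, `--debug` in `extra_args` makes every run log far more verbose than a gating check needs and is better dropped before merge, leaving `extra_args: --only-verified`. The same inputs are added in the `.github/workflow_templates/trufflehog.yml` hunk.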