Commit Graph

4 Commits

Author SHA1 Message Date
openshift-ci[bot]
80a9f23f89 Merge pull request #20532 from containers/renovate/dawidd6-action-send-mail-3.x
[skip-ci] Update dawidd6/action-send-mail action to v3.9.0
2023-11-01 13:07:39 +00:00
Chris Evich
4c67a6aed2 Fix secrets scanning GHA Workflow
The podman in `ubuntu-latest` environment apparently is too old to
support `--userns=keep-id:uid=1000,gid=1000`.  Employ workaround in GHA
workflow and in `prebuild.sh` check.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-10-30 12:06:17 -04:00
renovate[bot]
2193bb8fcd [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-30 15:43:25 +00:00
Chris Evich
6cb10425d4 Implement secrets/credential scanning
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history.  This is especially important on newly created
release-branches, which may begin with content from who-knows-where.

Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line.  Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-10-05 11:16:19 -04:00