Create secrets-scan.yml

Author: matiasozdy

.github/workflows/secrets-scan.yml

@@ -0,0 +1,30 @@
+name: Secrets Scan
+
+on: [push, pull_request]
+
+jobs:
+  secrets-scan:
+    # for private repositories
+    runs-on: [self-hosted, automated-checks]
+    # for public repositories
+    # runs-on: [ubuntu-latest]
+
+    steps:
+      - name: Check Out Source Code
+        uses: actions/checkout@v2
+        with:
+          # By default, actions/checkout@v2 does a shallow clone with
+          # depth 1. 0 means 'fetch the whole history'. We use it here
+          # since we don't know how many commits a PR could have. If
+          # you're repo is very large and cloning is slow, you could
+          # try tweaking it to a value that the typical PR wouldn't
+          # exceed but that also prevents getting the full history
+          fetch-depth: 0
+        
+      - name: Secrets Scan
+        uses: Typeform/.github/shared-actions/secrets-scan@master
+        with:
+          docker-registry: ${{ secrets.GITLEAKS_DOCKER_REGISTRY }}
+          docker-username: ${{ secrets.GITLEAKS_DOCKER_USERNAME }}
+          docker-password: ${{ secrets.GITLEAKS_DOCKER_PASSWORD }}
+          gh-token: ${{ secrets.GH_TOKEN }}