Add git-secrets-scan workflow

currantw · currantw · commit bd23a4c09e04 · 2025-11-17T14:14:15.000-08:00
Signed-off-by: currantw &lt;taylor.curran@improving.com&gt;
diff --git a/.github/workflows/git-secrets-scan.yml b/.github/workflows/git-secrets-scan.yml
@@ -0,0 +1,37 @@
+name: Git Secrets Scan
+
+permissions:
+    contents: read
+
+on:
+    push:
+        branches:
+            - main
+            - release-*
+            - v*
+    workflow_dispatch:
+
+concurrency:
+    group: git-secrets-scan-${{ github.head_ref || github.ref }}
+    cancel-in-progress: true
+
+jobs:
+    scan:
+        runs-on: ubuntu-latest
+        timeout-minutes: 10
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v5
+
+            - name: Install git-secrets
+              run: |
+                  git clone --depth 1 --branch 1.3.0 https://github.com/awslabs/git-secrets.git
+                  cd git-secrets
+                  sudo make install
+
+            - name: Configure git-secrets
+              run: git secrets --register-aws
+
+            - name: Run git-secrets
+              run: git secrets --scan
