fix(ui): enforce 100-char limit on mute rule name input #28891
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Tools: TruffleHog' | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'v5.*' | |
| pull_request: | |
| branches: | |
| - 'master' | |
| - 'v5.*' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| scan-secrets: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| # We can't block as Trufflehog needs to verify secrets against vendors | |
| egress-policy: audit | |
| # allowed-endpoints: > | |
| # github.com:443 | |
| # ghcr.io:443 | |
| # pkg-containers.githubusercontent.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| # PRs only need the diff range; push to master/release walks the new range from event.before. | |
| # 50 is enough headroom for the longest realistic PR/push chain without paying for a full clone. | |
| fetch-depth: 50 | |
| persist-credentials: false | |
| - name: Scan diff for secrets with TruffleHog | |
| # Action auto-injects --since-commit/--branch from event payload; passing them in extra_args produces duplicate flags. | |
| uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4 | |
| with: | |
| extra_args: --results=verified,unknown |