This repository was archived by the owner on Jun 5, 2026. It is now read-only.
chore(deps): update npm to v10.9.8 #35
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: TruffleHog Secret Scanning | |
| # This workflow is designed to be enforced org-wide via GitHub rulesets | |
| # It calls the reusable TruffleHog workflow with sensible defaults for org-wide deployment | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| push: | |
| branches: | |
| - main | |
| merge_group: | |
| types: [checks_requested] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| checks: write | |
| id-token: write | |
| jobs: | |
| secret-scan: | |
| name: TruffleHog Secret Scan | |
| uses: grafana/security-github-actions/.github/workflows/reusable-trufflehog.yml@main | |
| with: | |
| # Non-blocking: job succeeds; PR still gets comments/artifacts when findings exist | |
| fail-on-verified: "false" # Set "true" to fail on verified secrets | |
| fail-on-unverified: "false" # Set "true" to fail on unverified secrets | |
| runs-on: ${{ (!github.event.repository.private || github.repository_owner != 'grafana') && 'ubuntu-latest' || 'ubuntu-arm64-small' }} # grafana private repos use self-hosted ARM64; other orgs use ubuntu-latest | |
| secrets: inherit |