@kazazes kazazes commented Aug 28, 2025

Important

Update TruffleHog workflow to improve credential handling by using GITHUB_TOKEN for fetching base commit and clarifying comments.

  • Workflow Update:
    • In .github/workflows/trufflehog.yml, updated the Checkout PR HEAD step to clarify it is fork-safe and does not use credentials.
    • Updated Fetch base commit step to use GITHUB_TOKEN for authentication when fetching the base commit.
  • Comments:
    • Improved comments for clarity on credential handling in the workflow steps.

This description was created by Ellipsis for 30811ea. You can customize this summary. It will automatically update as commits are pushed.

@kazazes kazazes merged commit 5123e99 into main Aug 28, 2025
1 check failed
@ellipsis-dev ellipsis-dev bot left a comment

Important

Looks good to me! 👍

Reviewed everything up to 30811ea in 33 seconds. Click for details.
  • Reviewed 31 lines of code in 1 file
  • Skipped 0 files when reviewing.
  • Skipped posting 2 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. .github/workflows/trufflehog.yml:16
  • Draft comment:
    The updated checkout step label now indicates credentials aren’t persisted, which clarifies intent. Ensure that the comment remains accurate if future changes occur.
  • Reason this comment was not posted:
    Confidence changes required: 0% <= threshold 50% None
2. .github/workflows/trufflehog.yml:26
  • Draft comment:
    The git fetch command now includes the token in the URL to fetch the base commit. Verify that the token is properly masked in logs to avoid accidental exposure. Consider sourcing the token from an environment variable to enhance clarity.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_gMd6T5miwVM9VBLM

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.
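
Added example (not part of this PR or of the project's workflow): a small Python check for the two credential-handling points raised in this thread, a token placed in a fetch URL and a checkout step that persists credentials. The workflow snippets, the `example/repo` URL, the step names and the header-based alternative are constructed for illustration.

```python
import re

# URL whose userinfo part (before "@") carries a credential, including
# GitHub Actions expressions such as ${{ secrets.GITHUB_TOKEN }}.
URL_CRED = re.compile(r"https?://(?:\$\{\{.*?\}\}|[^\s/@])+@")
STEP_START = re.compile(r"^\s*-\s")

# Constructed workflow text (not the project's trufflehog.yml).
RISKY = """\
steps:
  - name: Checkout PR HEAD
    uses: actions/checkout@v4
    with:
      ref: ${{ github.event.pull_request.head.sha }}
      persist-credentials: false
  - name: Fetch base commit
    run: |
      git fetch https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/example/repo.git "$BASE_SHA"
  - name: Second checkout
    uses: actions/checkout@v4
"""

# Constructed alternative: the token arrives via env and an auth header,
# so it never appears in the URL that git may echo in errors or config.
HEADER_AUTH = """\
steps:
  - name: Fetch base commit
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    run: |
      auth=$(printf 'x-access-token:%s' "$GH_TOKEN" | base64 -w0)
      git -c "http.extraheader=AUTHORIZATION: basic $auth" fetch https://github.com/example/repo.git "$BASE_SHA"
"""

def url_credential_lines(workflow):
    """1-based line numbers where a URL embeds a credential."""
    return [n for n, line in enumerate(workflow.splitlines(), 1)
            if URL_CRED.search(line)]

def persisting_checkout_lines(workflow):
    """Lines of actions/checkout steps lacking persist-credentials: false."""
    findings, uses_line, hardened = [], None, False
    for n, line in enumerate(workflow.splitlines() + ["- end"], 1):
        if STEP_START.match(line):  # a new step closes the previous one
            if uses_line and not hardened:
                findings.append(uses_line)
            uses_line, hardened = None, False
        if re.search(r"uses:\s*actions/checkout@", line):
            uses_line = n
        if re.search(r"persist-credentials:\s*false", line):
            hardened = True
    return findings
```

The check is line-based and does not parse YAML, so it is a review aid for workflow files rather than a complete linter.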
