Action

.github/workflows/main.yml

@@ -35,13 +35,24 @@ jobs:
         uses: RobertFischer/detect-secrets-action@v2.0.0
         with:
           DS_ADDL_ARGS: '--only-verified'
+      - name: Commit back .secrets.baseline (if it was missing)
+        uses: stefanzweifel/git-auto-commit-action@v4
+        if: ${{ always() }}   
+        with:
+          commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file"
+      - name: detect-secrets with reviewdog
+        if: ${{ always() }}
+        uses: reviewdog/action-detect-secrets@master
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-review # Change reporter.
       - name: Security and Licence Scan      
   # You may pin to the exact commit or the version.
   # uses: ShiftLeftSecurity/scan-action@54980bbdae434b8e7903cfcffa98a2601c207962
         uses: ShiftLeftSecurity/scan-action@v1.3.0
         if: ${{ always() }}        
+          # Source directory to scan. Defaults to /github/workspace
         with:
-    # Source directory to scan. Defaults to /github/workspace
           src: /github/workspace
     # Output directory for the generated reports. Defaults to /github/workspace/reports
           output: /github/workspace/reports