From 891c8debc1310d5bfe41bcbf82390b9c480e2154 Mon Sep 17 00:00:00 2001
From: Lukasz Loboda <76950960+uoboda-splunk@users.noreply.github.com>
Date: Tue, 22 Feb 2022 11:30:47 +0100
Subject: [PATCH] feat: allow trufflehog false positive (#27)
* feat: allow trufflehog false positive
* Update reusable-build-test-release.yml
Co-authored-by: kkania-splunk <76955023+kkania-splunk@users.noreply.github.com>
---
 .github/workflows/reusable-build-test-release.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
index f5215de8..000a5c74 100644
--- a/.github/workflows/reusable-build-test-release.yml
+++ b/.github/workflows/reusable-build-test-release.yml
@@ -152,14 +152,22 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
+ if: github.event_name != 'pull_request'
+ uses: actions/checkout@v2
+ with:
+ submodules: false
+ fetch-depth: "0"
+ - name: Checkout for PR
+ if: github.event_name == 'pull_request'
 uses: actions/checkout@v2
 with:
 submodules: false
 fetch-depth: "0"
+ ref: ${{ github.head_ref }}
 - name: Trufflehog Actions Scan
- uses: edplato/trufflehog-actions-scan@v0.9j-beta
+ uses: edplato/trufflehog-actions-scan@v0.9l-beta
 with:
- scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt"
+ scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt --allow .github/workflows/trufflehog-false-positive.json"
 semgrep:
 runs-on: ubuntu-latest
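Review bot: `ref: ${{ github.head_ref }}` in the new "Checkout for PR" step is only a branch name and the step sets no `repository`, so for a pull request from a fork it is resolved against the base repository: the checkout either fails or picks up a same-named branch there, and the secret scan then runs on code that is not the PR's. `ref: ${{ github.event.pull_request.head.sha }}` would pin the scan to the commit under review. The file passed via `--allow .github/workflows/trufflehog-false-positive.json` is presumably read from the checked-out tree, so a PR could extend the allow list in the same change that introduces a finding; edits to that file deserve required review, for example a CODEOWNERS entry. The bumped `edplato/trufflehog-actions-scan@v0.9l-beta` is still a mutable tag, and pinning it as `uses: edplato/trufflehog-actions-scan@<full-commit-sha>` would keep the scanner from changing underneath the workflow. The job's definition starts outside the hunk.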