Automatic (outdated) images cleanup #38

	name: Trufflehog security scan

	on:
	schedule:
	- cron: '0 10 * * *'
	push:
	branches-ignore:
	- master

	jobs:
	trufflehog-vulnerability-detection:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Display File Structure
	run: \|
	echo "Displaying file structure..."
	find . -type f

	- name: Secret Scanning
	id: trufflehog_scan
	uses: trufflesecurity/[email protected]
	with:
	path: ./
	base: "${{ github.event.repository.default_branch }}"
	head: HEAD
	extra_args: --debug

	- name: Check Trufflehog Result and Fail if Secrets Found
	run: \|
	if [ "${{ steps.trufflehog_scan.outcome }}" == "failure" ]; then
	echo "Secrets were found by Trufflehog!"
	exit 1 # This will fail the workflow
	fi

	- name: Send Slack Notification
	if: github.event.schedule == '0 10 * * *'
	uses: slackapi/[email protected]
	with:
	payload: \|
	{
	"text": "Trufflehog scan completed for ${{ github.repository }}",
	"attachments": [
	{
	"pretext": "Trufflehog Scan Results",
	"color": "${{ steps.trufflehog_scan.outcome == 'success' && 'good' \|\| 'danger' }}",
	"fields": [
	{
	"title": "Outcome",
	"value": "${{ steps.trufflehog_scan.outcome == 'success' && 'No secrets found' \|\| 'Secrets were found' }}",
	"short": true
	},
	{
	"title": "Branch",
	"value": "${{ github.ref }}",
	"short": true
	},
	{
	"title": "Commit",
	"value": "${{ github.sha }}",
	"short": true
	}
	]
	}
	]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

Provide feedback