Scanning-secrets: Support new-branch/renovate link

Signed-off-by: Chris Evich <[email protected]>
containers · Feb 1, 2024 · 0a4beea · 0a4beea
1 parent 0e9b07a
commit 0a4beea
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.github/workflows/scan-secrets.yml b/.github/workflows/scan-secrets.yml
@@ -81,6 +81,12 @@ jobs:
         name: Provide URL showing code that needs human eyes (force-push or merge)
         shell: bash
         run: |
+          if [[ "$before" =~ ^0000+ ]]; then  # Push to new branch (i.e. renovate branch)
+              echo "Please review newly opened branch for secret-leaks:"
+              # The event JSON provides the URL we need
+              jq -r -e '.compare' $GITHUB_EVENT_PATH
+              return 0
+          fi
           echo "Please review force-push or merged-pr changes for secret-leaks:"
           before=$(jq -r -e '.before' $GITHUB_EVENT_PATH)
           after=$(jq -r -e '.after' $GITHUB_EVENT_PATH)