on:
  push:
    branches:
      - main
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Install TruffleHog
      run: |
        curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
          | sh -s -- -b /usr/local/bin
    - name: Secret Scanning
      run: trufflehog git file://. --fail --no-update --results=verified,unknown