name: Secrets Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  secrets-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Secrets Scan
        uses: trufflesecurity/trufflehog@main
        with:
          path: .
          base: main
          head: HEAD