Merge pull request #167 from contentstack/master

harshithad0703 · web-flow · commit c9b18bbb6f23 · 2025-05-26T13:13:40.000+05:30
back merge
diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml
@@ -24,4 +24,23 @@ jobs:
       - uses: actions/checkout@master
       - name: Checks for License file
         run: |
-          if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi
+          expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt")
+          license_file_found=false
+          current_year=$(date +"%Y")
+
+          for license_file in "${expected_license_files[@]}"; do
+              if  [ -f "$license_file" ]; then
+                 license_file_found=true
+                 # check the license file for the current year, if not exists, exit with error
+                  if  ! grep -q "$current_year" "$license_file"; then
+                      echo "License file $license_file does not contain the current year."
+                      exit 2
+                  fi
+                  break
+              fi        
+          done
+
+          if [ "$license_file_found" = false ]; then
+              echo "No license file found. Please add a license file to the repository."
+              exit 1
+          fi
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -0,0 +1,29 @@
+name: Secrets Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '2'
+          ref: '${{ github.event.pull_request.head.ref }}'
+      - run: |
+          git reset --soft HEAD~1
+      - name: Install Talisman
+        run: |
+          # Download Talisman
+          wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman
+
+          # Checksum verification
+          checksum=$(sha256sum ./talisman | awk '{print $1}')
+          if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi  
+
+          # Make it executable
+          chmod +x talisman
+      - name: Run talisman
+        run: |
+          # Run Talisman with the pre-commit hook
+          ./talisman --githook pre-commit
diff --git a/.talismanrc b/.talismanrc
@@ -1,4 +1,7 @@
 fileignoreconfig:
+- filename: .github/workflows/secrets-scan.yml
+  ignore_detectors:
+    - filecontent
 - filename: package-lock.json
   checksum: 9746d3b1ac67da5dc0f3ec6f8798166bc8b9c1e4c736de01f7c52b2f9cc194be
 - filename: src/entry-editable.ts
