split trufflehog scan into two actions, run on entire repo on schedul…

…ed event (#696) Should fix the scheduled nightly tests that are currently failing on the trufflehog scan step. Signed-off-by: Peter St. John <[email protected]>
NVIDIA · Mar 4, 2025 · cef3d2d · cef3d2d
1 parent 82bb20a
commit cef3d2d
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -37,12 +37,20 @@ jobs:
       # For `push` events, (i.e., post-merge tests), we run trufflehog on the entire main branch by setting the base to
       # ''. For some reason, the default behavior doesn't work well with the merge_group event, so we need to set these
       # manually.
-      - uses: trufflesecurity/trufflehog@main
+      - name: Run Trufflehog scan (for push to main)
+        id: push_scan
+        if: github.event_name == 'push' || github.event_name == 'schedule'
+        uses: trufflesecurity/trufflehog@main
         with:
-          path: ./
-          base: ${{ github.event_name != 'push' && github.event.repository.default_branch || '' }}
+          base: ''
+          head: HEAD
+
+      - name: Run Trufflehog scan (for PRs)
+        if: steps.push_scan.outcome == 'skipped'
+        uses: trufflesecurity/trufflehog@main
+        with:
+          base: ${{ github.event.repository.default_branch }}
           head: HEAD
-          extra_args: --only-verified
 
   build-bionemo-image:
     needs: pre-commit