Secret scanning: Move debugging block

Previously, it was possible for one of several steps to throw an error, leaving the operator with no debugging details. Relocate the "important details" step earlier in the workflow to mitigate a risk of unavailable debugging info. [NO NEW TESTS NEEDED] Signed-off-by: Chris Evich <[email protected]>
cevich · Feb 8, 2024 · f861623 · f861623
1 parent 35d2f3b
commit f861623
Showing 1 changed file with 15 additions and 15 deletions.
diff --git a/.github/workflows/scan-secrets.yml b/.github/workflows/scan-secrets.yml
@@ -73,6 +73,21 @@ jobs:
         run: |
           echo "depth=$((${{ github.event.pull_request.commits }} + 1))" >> $GITHUB_OUTPUT
 
+      - name: Show important context details
+        shell: bash
+        run: |
+          set -euo pipefail
+          echo "The workspace path is '${{ github.workspace }}'"
+          echo "The github.base_ref value is '${{ github.base_ref }}'"
+          echo "The branch scan depth value is '${{ env.brdepth }}'"
+          echo "The PR clone depth value is '${{ steps.one_more_commit.outputs.depth }}'"
+          echo "The gitlogcmd value is '${{ env.gitlogcmd }}'"
+          echo "The gitlog range value is '${{ steps.gitlog.outputs.range }}'"
+          echo "The GitLeaks container FQIN is '${{ env.glfqin }}'"
+          echo "::group::The trigger event JSON"
+          jq --color-output --indent 2 --sort-keys . $GITHUB_EVENT_PATH
+          echo "::endgroup::"
+
       # A force-push to a PR can obscure Cirrus-CI logs, but not GHA logs.
       # Provide handy URL for examination of secret leaks for all events that
       # trigger this action.
@@ -101,21 +116,6 @@ jobs:
           after=$(jq -r -e '.pull_request.head.sha' $GITHUB_EVENT_PATH)
           echo "https://github.com/${{ github.repository }}/compare/${before}...${after}"
 
-      - name: Show important context details
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "The workspace path is '${{ github.workspace }}'"
-          echo "The github.base_ref value is '${{ github.base_ref }}'"
-          echo "The branch scan depth value is '${{ env.brdepth }}'"
-          echo "The PR clone depth value is '${{ steps.one_more_commit.outputs.depth }}'"
-          echo "The gitlogcmd value is '${{ env.gitlogcmd }}'"
-          echo "The gitlog range value is '${{ steps.gitlog.outputs.range }}'"
-          echo "The GitLeaks container FQIN is '${{ env.glfqin }}'"
-          echo "::group::The trigger event JSON"
-          jq --color-output --indent 2 --sort-keys . $GITHUB_EVENT_PATH
-          echo "::endgroup::"
-
       # N/B: Use "_" prefixed paths to (somewhat) guard against clashes.  GHA has some
       # non-POLA behaviors WRT `${{ github.workspace }}` + checkout action.
       - name: Checkout PR