From 1c33b092850124bf9a16574738ad064d9cfa17e3 Mon Sep 17 00:00:00 2001
From: Nick Jackson
Date: Tue, 22 Nov 2022 14:06:48 +0000
Subject: [PATCH] Add a check for secrets

This action will check the repository for committed secrets, and fail (allowing the user to take action) if they're present.
---
.gitallowed | 1 +
.github/workflows/secrets.yml | 11 +++++++++++
2 files changed, 12 insertions(+)
create mode 100644 .gitallowed
create mode 100644 .github/workflows/secrets.yml

diff --git a/.gitallowed b/.gitallowed
new file mode 100644
index 0000000..72ef001
--- /dev/null
+++ b/.gitallowed
@@ -0,0 +1 @@
+arn:aws:sns:[a-z0-9-]+:[0-9]{12}:[a-z0-9-]+
diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml
new file mode 100644
index 0000000..34085c6
--- /dev/null
+++ b/.github/workflows/secrets.yml
@@ -0,0 +1,11 @@
+name: Source safety
+on:
+ pull_request:
+ push:
+jobs:
+ secrets:
+ name: Check for secrets
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: nationalarchives/tdr-github-actions/.github/actions/run-git-secrets@main
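Review bot: The allow-pattern `arn:aws:sns:[a-z0-9-]+:[0-9]{12}:[a-z0-9-]+` in `.gitallowed` comes with no explanation of which prohibited pattern it is meant to silence, and nothing in this patch shows which patterns the composite action registers, so a later reader cannot judge whether the exception is still needed or safe to widen. As git-secrets documents it, allowed patterns are applied per reported line, so a line that carries both an SNS topic ARN and a genuine credential would be filtered out of the report; keeping ARNs on lines of their own in config and test fixtures keeps that suppression narrow. If the git-secrets version the action installs honours `#` comment lines in `.gitallowed`, add one above the pattern naming the rule it suppresses and the file that first triggered it, e.g. `# SNS topic ARNs contain a 12-digit account id; trips the AWS account-id rule (see <FILE-PLACEHOLDER>)`.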
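Review bot: The last step of the workflow pulls `nationalarchives/tdr-github-actions/.github/actions/run-git-secrets@main`, a mutable branch reference, so anyone who can push to that branch can change what this control scans for or whether it fails without any change being visible in this repository; for a security gate, pin to a full commit SHA with the version in a trailing comment, `- uses: nationalarchives/tdr-github-actions/.github/actions/run-git-secrets@<COMMIT-SHA-PLACEHOLDER> # main as of 2022-11-22`, and do the same for `actions/checkout@v2`, letting Dependabot or Renovate raise the bumps. The job also declares no `permissions:`, so its `GITHUB_TOKEN` receives the repository default scope; `permissions:` / `contents: read` at the job level is all a checkout and a scan need. If the composite action scans commit history rather than only the checked-out tree, note that `actions/checkout@v2` fetches with `fetch-depth: 1` by default, so only the tip commit would be covered — confirm against the action and set `fetch-depth: 0` on the checkout step if it does.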