Use talisman pattern instead of file checksum (#48)

digitalservicebund · Jan 13, 2025 · 551f98c · 551f98c
1 parent 6636b1e
commit 551f98c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/security-jobs.yml b/.github/workflows/security-jobs.yml
@@ -40,7 +40,7 @@ jobs:
 
   secrets-scan-with-talisman: # scan for secrets that were published by mistake (we have a pre-commit and pre-push hook, but who knows)
     runs-on: ubuntu-latest
-    # Running on main only https://digitalservicebund.slack.com/archives/C046VD44ZEH/p1706516240974409
+    # Running on main only as branches pose problems: https://digitalservicebund.slack.com/archives/C046VD44ZEH/p1706516240974409
     if: ${{ github.ref == 'refs/heads/main' }}
     # Mitigation through https://digitalservicebund.slack.com/archives/C046VD44ZEH/p1706525248390559
     # Activated Secret Scanning and Push Protection in GitHub Repo Settings

diff --git a/.talismanrc b/.talismanrc
@@ -12,8 +12,6 @@ fileignoreconfig:
     checksum: fa217d4a34afcd967e6c35b10e139cd5c52711e41c190f477576441081b5cf99
   - filename: LICENSE
     checksum: 00de5fa1aad2fcb968beb5d1bbf09931fc9d3f160f11b945b24f3203ea025917
-  - filename: .github/workflows/security-jobs.yml
-    checksum: 6bad26404f5327349658f52897d21982129df33d553ab12b9bb69caf6c9d168f
 
 allowed_patterns:
   # allow these specific patterns that include hex encoded text
@@ -29,6 +27,8 @@ allowed_patterns:
   - "uses: digitalservicebund/argocd-deploy@4fac1bb67c92ed168f6d9b22f8779ce241a9e412"
   - "uses: digitalservicebund/track-deployment@5a2815e150e1268983aac5ca04c8c046ed1b614a"
   - "dsn: 'https://[email protected]/4508482613084160'"
+  - "https://digitalservicebund.slack.com/archives/C046VD44ZEH/p1706516240974409"
+  - "https://digitalservicebund.slack.com/archives/C046VD44ZEH/p1706525248390559"
   # allow these specific patterns with the term "secret"
   - secrets-scan-with-talisman
   - "secrets: inherit"