CI: keep full secret scans on main

2026-03-12 07:20:45 +00:00 · 2026-03-06 14:41:20 -05:00
parent b529b7c6b7
commit 66112980aa
1 changed files with 4 additions and 3 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -310,11 +310,12 @@ jobs:
          set -euo pipefail

          if [ "${{ github.event_name }}" = "push" ]; then
-            BASE="${{ github.event.before }}"
-          else
-            BASE="${{ github.event.pull_request.base.sha }}"
+            echo "Running full detect-secrets scan on push."
+            pre-commit run --all-files detect-secrets
+            exit 0
          fi

+          BASE="${{ github.event.pull_request.base.sha }}"
          changed_files=()
          if git rev-parse --verify "$BASE^{commit}" >/dev/null 2>&1; then
            while IFS= read -r path; do