name: "Detect secrets with Talisman"
description: "Scan an incoming range of commits for accidentally added secrets and sensitive information"
inputs:
  local-ref:
    description: "Ref that was updated"
    required: false
    default: ${{ github.ref }}
  local-sha:
    description: "The latest of the incoming commits"
    required: false
    default: ${{ github.event.after }}
  remote-ref:
    description: "Ref that was updated"
    required: false
    default: ${{ github.ref }}
  remote-sha:
    description: "The latest commit on the remote being pushed to"
    required: false
    default: ${{ github.event.before }}
runs:
  using: "docker"
  image: "Dockerfile"
  args:
    - ${{ inputs.local-ref }} ${{ inputs.local-sha }} ${{ inputs.remote-ref }} ${{ inputs.remote-sha }}
branding:
  icon: "lock"
  color: "yellow"