From bf3e998cb87b62d08b4827d6a2b1aa9f882f5925 Mon Sep 17 00:00:00 2001
From: William Hsieh <williamhsieh@synology.com>
Date: Fri, 6 Sep 2024 14:59:31 +0800
Subject: [PATCH] fix(ci): separate gitleaks github action

---
 .github/workflows/build.yml |  5 -----
 .github/workflows/check.yml | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/check.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 39b6e052..5ca9b0d1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -34,11 +34,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - uses: gitleaks/gitleaks-action@v2
-        if: ${{ github.ref == 'refs/heads/master' && matrix.target != 'home-manager' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Insall nix
         uses: cachix/install-nix-action@V27
         with:
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 00000000..04f069ef
--- /dev/null
+++ b/.github/workflows/check.yml
@@ -0,0 +1,16 @@
+name: gitleaks
+on: [pull_request, push, workflow_dispatch]
+jobs:
+  scan:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # TODO: add nix flake check