From 26157eca3e30b44c55cfe7356dc2ddcc5c7705c7 Mon Sep 17 00:00:00 2001
From: Joonatan Saarhelo <joon.saar@gmail.com>
Date: Wed, 15 May 2024 08:15:04 +0100
Subject: [PATCH] chore: Syncs common workflows from the template into master
 (#22)

---
 .github/pull_request_template.md       | 20 ++++++++++++++++++++
 .github/workflows/cargo-license.yaml   |  8 ++++++++
 .github/workflows/secrets_scanner.yaml | 17 +++++++++++++++++
 CONTRIBUTING.md                        |  2 +-
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 .github/pull_request_template.md
 create mode 100644 .github/workflows/cargo-license.yaml
 create mode 100644 .github/workflows/secrets_scanner.yaml

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..8ce206c8
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,20 @@
+# What ❔
+
+<!-- What are the changes this PR brings about? -->
+<!-- Example: This PR adds a PR template to the repo. -->
+<!-- (For bigger PRs adding more context is appreciated) -->
+
+## Why ❔
+
+<!-- Why are these changes done? What goal do they contribute to? What are the principles behind them? -->
+<!-- Example: PR templates ensure PR reviewers, observers, and future iterators are in context about the evolution of repos. -->
+
+## Checklist
+
+<!-- Check your PR fulfills the following items. -->
+<!-- For draft PRs check the boxes as you complete them. -->
+
+- [ ] PR title corresponds to the body of PR (we generate changelog entries from PRs).
+- [ ] Tests for the changes have been added / updated.
+- [ ] Documentation comments have been added / updated.
+- [ ] Code has been formatted via `zk fmt` and `zk lint`.
diff --git a/.github/workflows/cargo-license.yaml b/.github/workflows/cargo-license.yaml
new file mode 100644
index 00000000..5fe13905
--- /dev/null
+++ b/.github/workflows/cargo-license.yaml
@@ -0,0 +1,8 @@
+name: Cargo license check
+on: pull_request
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 # v1.5.5
diff --git a/.github/workflows/secrets_scanner.yaml b/.github/workflows/secrets_scanner.yaml
new file mode 100644
index 00000000..1f6020c3
--- /dev/null
+++ b/.github/workflows/secrets_scanner.yaml
@@ -0,0 +1,17 @@
+name: Leaked Secrets Scan
+on: [pull_request]
+jobs:
+  TruffleHog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@11394ea318a12a5bf99c1b0cb7ba5e44b3c7a79c # v3.63.2
+        with:
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --debug --only-verified
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c832bc25..dd3d4584 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -41,4 +41,4 @@ and suggestions here too. Some resources to help:
 
 Be polite and respectful.
 
-### Thank you!
+### Thank you