@@ -278,6 +278,43 @@ runs:
278278 with :
279279 path : fingerprint.txt
280280
281+ - name : Check if .infisicalignore exists
282+ id : ignorefile
283+ shell : bash
284+ if : env.SECRETS_FOUND == 'true'
285+ run : |
286+ if [[ -f ".infisicalignore" ]]; then
287+ echo "exists=true" >> $GITHUB_OUTPUT
288+ else
289+ echo "exists=false" >> $GITHUB_OUTPUT
290+ fi
291+
292+ - name : Prepare ignore file suggestion
293+ id : ignore_suggestion
294+ shell : bash
295+ if : env.SECRETS_FOUND == 'true'
296+ run : |
297+ echo "Preparing suggestion block..."
298+
299+ if [[ "${{ steps.ignorefile.outputs.exists }}" == "true" ]]; then
300+ echo "Appending fingerprints to existing .infisicalignore"
301+ cat .infisicalignore > new-ignorefile.txt
302+ echo "" >> new-ignorefile.txt
303+ cat fingerprint.txt >> new-ignorefile.txt
304+ else
305+ echo "Creating new .infisicalignore"
306+ cat fingerprint.txt > new-ignorefile.txt
307+ fi
308+
309+ # Remove duplicates (optional improvement)
310+ sort -u new-ignorefile.txt -o new-ignorefile.txt
311+
312+ echo "suggestion<<EOF" >> $GITHUB_OUTPUT
313+ echo '```suggestion:.infisicalignore' >> $GITHUB_OUTPUT
314+ cat new-ignorefile.txt >> $GITHUB_OUTPUT
315+ echo '```' >> $GITHUB_OUTPUT
316+ echo "EOF" >> $GITHUB_OUTPUT
317+
281318 - name : Update PR with comment (success)
282319 uses : mshick/add-pr-comment@v3
283320 if : env.SCAN_RAN == 'true' && env.SECRETS_FOUND == 'false' && env.FORKED == 'false' && inputs.ADD_COMMENT == 'true'
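Review bot: The multiline output written at new lines 312–316 is framed with the fixed delimiter `EOF`, but its body is built from `.infisicalignore` in the checked-out branch and from `fingerprint.txt`, so the pull request author presumably controls part of it. A line that is exactly `EOF` would end the value early and let the lines after it be parsed as further outputs of this step, and a line of three backticks would close the suggestion fence in the comment body that interpolates this output at new line 385. I would generate the delimiter per run with `delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"`, write `echo "suggestion<<$delim" >> "$GITHUB_OUTPUT"` and `echo "$delim" >> "$GITHUB_OUTPUT"`, and filter out ignore-file lines that contain backticks before emitting the block. Separately, `sort -u` at new line 310 reorders the existing ignore file, so any comments or grouping in it would not survive in the suggested content. The steps list these entries belong to starts and ends outside the hunk, so whether the comment step that consumes this output also runs for forked pull requests is not visible here.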
@@ -343,7 +380,9 @@ runs:
343380 </details>
344381
345382 > [!TIP]
346- > If you want to ignore these leaked secrets, add the above **fingerprint** content to a file named `.infisicalignore` at the repository root level.
383+ > You can commit the fingerprint list below to automatically create or update `.infisicalignore`:
384+
385+ ${{ steps.ignore_suggestion.outputs.suggestion }}
347386
348387 - name : Update PR with comment (tool failure)
349388 uses : mshick/add-pr-comment@v3