To install the secret-scanner, you need to create a baseline file first

[bgolding355]

The problem

The secret-scanner will only partially work if $baseline-file dne.

This creates a problem because it requires anyone using this action must:

1. Know what Yelp/detect-secrets is
2. Have Yelp/detect-secrets installed
3. Know how to use Yelp/detect-secrets to create and audit a $baseline-file.

A proposed solution

Do:

1. Check if $baseline-file exists
2. If it exists, continue as normal
3. If it dne, create $baseline-file with all potential secrets marked as OK and commit it.

[bgolding355]

What do you think @jsoref ?

[bgolding355]

I talked to jsoref, we don't need to use any fancy tools for committing stuff, I can just use regular git tooling.

One thing I want to do, is handle the case where the push fails. It should:

1. Try to push to the branch
2. If it fails, create a new branch with a unique name (Can add a timestamp to it to be reasonably confident of this) and push to that
3. If that fails dump the file in the the GITHUB_STEP_SUMMARY