Commit 2d690574 authored by Pelayo Torres's avatar Pelayo Torres

Merge branch 'trufflehog-update' into 'main'

back to original version

See merge request !11
parents 1be5dc67 1a7ef626
+3 −17
@@ -22,25 +22,11 @@ dev_secrets_in_repo:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
  # script:
  #   - |
  #     pip install trufflehog
  #     cd ../
  #     trufflehog filesystem sdk --exclude-paths sdk/cicd/exclusions --max-depth 5
  script:
    - |
      set -euo pipefail

      # 1) Descargar trufflehog v3 (binario) en vez del "trufflehog" de pip (v2)
      TRUF_VER="v3.82.0"
      ARCH="linux_amd64"   # si tus runners son amd64
      curl -sSL -o /tmp/trufflehog.tgz "https://github.com/trufflesecurity/trufflehog/releases/download/${TRUF_VER}/trufflehog_${TRUF_VER#v}_${ARCH}.tar.gz"
      tar -xzf /tmp/trufflehog.tgz -C /usr/local/bin trufflehog
      trufflehog --version

      # 2) Ejecutar scan sobre la carpeta sdk
      # OJO: usa el fichero real de exclusiones (ajusta si no está en cicd/exclusions)
      trufflehog filesystem sdk --exclude-paths cicd/exclusions --max-depth 5
      pip install trufflehog
      cd ../
      trufflehog sdk --exclude_paths sdk/cicd/exclusions --max_depth=5
  <<: *dev_common

# define the process to do linting code: ruff
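Review bot: The `pip install trufflehog` line in the `dev_secrets_in_repo` script installs whatever release the package index serves at run time, so the secret-scanning job runs unpinned third-party code and its behaviour can change between pipelines; pin it, e.g. `pip install 'trufflehog==<PINNED_VERSION>'` (placeholder), ideally through a requirements file installed with `--require-hashes`. The +/- markers are lost on this page, so this assumes, from the +3 count and the commit title, that the three pip-based lines are the new side. If so, the job is back on the legacy v2 CLI that the removed comment mentions, where `--max_depth=5` appears to limit how far back in commit history the scan goes, so a secret committed earlier would not be reported. A comment above the command would make that limit visible, for example `# legacy pip trufflehog (v2): --max_depth bounds the commit history scanned`. The job definition starts above the hunk, so its image and the `*dev_common` anchor are not visible here.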