{{- define "template.scan-trufflehog" -}}
- name: scan-trufflehog
  inputs:
    parameters:
      - name: working-dir
  container:
    image: {{ .Values.images.trufflehog | quote }}
    command:
      - sh
      - -c
    args:
      - |
        set -eu
        mkdir -p /workspace/reports
        trufflehog filesystem "/workspace/{{ `{{inputs.parameters.working-dir}}` }}" --json > /workspace/reports/trufflehog.json || true
    volumeMounts:
      - name: workspace
        mountPath: /workspace
{{- end }}