From 64013787150207d677e150340ebe293e65fdf09f Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 22 Aug 2024 07:22:30 -0700
Subject: [PATCH] update baseline
---
 .ds.baseline | 6 +++---
 .github/workflows/checks.yml | 23 +++++++++++++++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/.ds.baseline b/.ds.baseline
index 20143d6cd..c2d75d55e 100644
--- a/.ds.baseline
+++ b/.ds.baseline
@@ -133,7 +133,7 @@
 "filename": ".github/workflows/checks.yml",
 "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
 "is_verified": false,
- "line_number": 27,
+ "line_number": 50,
 "is_secret": false
 },
 {
@@ -141,7 +141,7 @@
 "filename": ".github/workflows/checks.yml",
 "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
 "is_verified": false,
- "line_number": 44,
+ "line_number": 67,
 "is_secret": false
 }
 ],
@@ -384,5 +384,5 @@
 }
 ]
 },
- "generated_at": "2024-08-13T22:32:28Z"
+ "generated_at": "2024-08-22T14:22:18Z"
 }
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 830fcc30a..ef43f1f5e 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -16,6 +16,29 @@ env:
 AWS_US_TOLL_FREE_NUMBER: "+18556438890"
 jobs:
+ rotate-secret:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Generate new secret value
+ id: generate-secret
+ run: |
+ # Generate a new random secret value
+ NEW_SECRET=$(openssl rand -base64 32)
+ echo "new-secret=$NEW_SECRET" >> $GITHUB_ENV
+ - name: Update GitHub secret
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ NEW_SECRET: ${{ env.new-secret }}
+ run: |
+ # Update the secret in the repository
+ curl -X PUT \
+ -H "Authorization: token $GITHUB_TOKEN" \
+ -H "Accept: application/vnd.github.v3+json" \
+ https://api.github.com/repos/${{ github.repository }}/actions/secrets/DANGEROUS_SALT \
+ -d "{\"encrypted_value\":\"$(echo -n $NEW_SECRET | base64)\",\"key_id\":\"$(curl -H 'Authorization: token $GITHUB_TOKEN' https://api.github.com/repos/${{ github.repository }}/actions/secrets/public-key | jq -r '.key_id')\"}"
 build:
 runs-on: ubuntu-latest
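Review bot: The `rotate-secret` job cannot rotate `DANGEROUS_SALT` as written, and it exposes the candidate value along the way. In the `Update GitHub secret` step, `encrypted_value` is only `base64` of the plaintext, whereas the Actions secrets endpoint expects the value sealed with the repository public key; the nested `curl` also wraps `$GITHUB_TOKEN` in single quotes, so the `public-key` request carries a literal, unexpanded string, and as far as I know the default `GITHUB_TOKEN` has no permission scope for writing secrets at all. In `Generate new secret value` the plaintext is appended to `$GITHUB_ENV` with no `::add-mask::`, so it can surface in later step logs. The job has no `if:` and the workflow triggers are outside this hunk, so it appears to run on every invocation of the checks workflow; a salt rotation should be gated on a manual or scheduled trigger and coordinated with whatever else consumes the salt. The fence sketches the job with `gh secret set`, which does the encryption itself and reads the value from stdin; the token secret name in it is a placeholder.

```yaml
  rotate-secret:
    runs-on: ubuntu-latest
    # Requires a workflow_dispatch trigger in `on:` (outside this hunk); keeps
    # ordinary push / pull_request runs from rotating the salt.
    if: github.event_name == 'workflow_dispatch'
    steps:
      # … checkout step dropped: nothing below reads the working tree …
      - name: Rotate DANGEROUS_SALT
        env:
          # PLACEHOLDER secret name: a token that is allowed to write
          # repository Actions secrets.
          GH_TOKEN: ${{ secrets.SECRET_ROTATION_TOKEN }}
        run: |
          set -euo pipefail
          # The value is piped straight into gh, which seals it with the
          # repository public key; it is never echoed or put in GITHUB_ENV.
          openssl rand -base64 32 | gh secret set DANGEROUS_SALT --repo "$GITHUB_REPOSITORY"
```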