Fix lint finding and only scan for verified secrets

Author: dustin-decker

.github/workflows/secrets.yml

@@ -9,9 +9,9 @@ jobs:
         with:
           fetch-depth: 0
       - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog
+        uses: trufflesecurity/trufflehog@main
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
-          extra_args: --debug
+          extra_args: --debug --only-verified

pkg/cloudsql/cloudsql.go

@@ -23,7 +23,7 @@ type Instances map[InstanceID]Databases
 // EnumerateCloudSQLDatabaseInstances enumerates Cloud SQL database instances in the given project.
 func EnumerateCloudSQLDatabaseInstances(ctx context.Context, sqlAdminSvc *sqladmin.Service, projectID, instanceID string) (Instances, error) {
 	log.Printf("Enumerating Cloud SQL instances in project %s", projectID)
-	
+
 	instances := Instances{}
 
 	enumerated := []string{}
@@ -87,8 +87,7 @@ func AddRoleBindingToGCSBucket(ctx context.Context, storageSvc *storage.Service,
 		}
 	}
 
-	// Update the policy
-	policy, err = storageSvc.Buckets.SetIamPolicy(bucketName, policy).Do()
+	_, err = storageSvc.Buckets.SetIamPolicy(bucketName, policy).Do()
 	if err != nil {
 		return err
 	}