gitleaks.yml
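---
# Secret-scanning workflow: downloads a gitleaks release binary into the job
# container and scans the checked-out working tree. Runs on pull requests
# targeting main, on pushes to main, and as a reusable workflow
# (workflow_call) with an optional gitleaks version input.
name: Gitleaks 🌧️
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    branches:
      - main
  push:
    branches:
      - main
  workflow_call:
    inputs:
      gitleaks-version:
        description: Gitleaks executable version.
        required: false
        type: string
        default: "8.18.2"
# Least privilege: the job only needs to read repository contents.
permissions:
  contents: read
# One run per pull request (or per ref for pushes); a newer run cancels the
# one still in progress.
concurrency:
  group: gitleaks-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
  gitleaks:
    name: ${{ vars.CI_IMAGE }}
    runs-on: ubuntu-latest
    # NOTE(review): the image comes from a repository/organization variable,
    # so whoever can edit that variable controls the code this job runs.
    # Consider referencing the image by digest — confirm how CI_IMAGE is set.
    container:
      image: ${{ vars.CI_IMAGE }}
    steps:
      # NOTE(review): pinned to a mutable tag; pinning to a full commit SHA
      # protects against the tag being moved.
      - name: Checkout project ⬇️
        uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Normalize inputs 📐
        shell: bash
        # Pass the input through the environment instead of expanding
        # ${{ }} inside the script, so its value is never parsed as shell.
        env:
          GITLEAKS_VERSION_INPUT: ${{ inputs.gitleaks-version }}
        run: |
          # The input is empty on pull_request/push events; fall back to the
          # same default the workflow_call input declares.
          gitleaks_version="${GITLEAKS_VERSION_INPUT:-8.18.2}"
          # The value ends up in GITHUB_ENV and in the download URL, so only
          # a plain X.Y.Z version is accepted (no newlines, slashes, etc.).
          if [[ ! "${gitleaks_version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Invalid gitleaks-version input: expected X.Y.Z" >&2
            exit 1
          fi
          echo "GITLEAKS_VERSION=${gitleaks_version}" >> "${GITHUB_ENV}"
      - name: Install gitleaks 💧
        # NOTE(review): the tarball is executed without an integrity check.
        # Keep a reviewed SHA-256 for the selected version next to the version
        # pin and verify it (sha256sum -c) before extracting.
        # NOTE(review): this owner path is believed to be the project's former
        # location, served through GitHub's rename redirect — confirm and
        # switch to the canonical repository path.
        run: |
          cd /tmp
          wget -q \
            "https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
            -O gitleaks.tar.gz || \
            (echo "Error downloading gitleaks ${GITLEAKS_VERSION} tarball" && exit 1)
          tar -xvzf gitleaks.tar.gz || \
            (echo "Error unarchiving gitleaks ${GITLEAKS_VERSION} tarball" && exit 1)
          mv gitleaks /usr/bin/. || \
            (echo "Error moving gitleaks for /usr/bin" && exit 1)
        shell: bash
      - name: Run gitleaks 🌧️
        # --no-git scans the checked-out files as a plain directory; commit
        # history is not examined, so a secret that was committed and later
        # removed is not reported by this job.
        # --redact keeps matched secret values out of the job log, which may
        # be readable by more people than the repository contents.
        run: gitleaks -v detect --no-git --redact --source .
        shell: bash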