
Commit cf48835

committed
ci: run gitleaks from pinned CLI
1 parent a7dd93f commit cf48835

1 file changed

Lines changed: 14 additions & 6 deletions


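--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -13,9 +13,6 @@ permissions:
 pull-requests: read
 issues: read
 
-env:
-FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
 jobs:
 audit:
 name: pnpm audit (high)
@@ -52,7 +49,18 @@ jobs:
 with:
 fetch-depth: 0
 
-- name: gitleaks
-uses: gitleaks/gitleaks-action@v2
+- name: Install gitleaks
 env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GITLEAKS_VERSION: 8.30.1
+run: |
+set -euo pipefail
+archive="gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
+base_url="https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}"
+curl -sSfLO "${base_url}/${archive}"
+curl -sSfLO "${base_url}/gitleaks_${GITLEAKS_VERSION}_checksums.txt"
+grep " ${archive}$" "gitleaks_${GITLEAKS_VERSION}_checksums.txt" | sha256sum -c -
+tar -xzf "${archive}" gitleaks
+sudo install -m 0755 gitleaks /usr/local/bin/gitleaks
+
+- name: gitleaks
+run: gitleaks detect --source . --redact --verbose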
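Review bot: The checksum check in the `Install gitleaks` step verifies the archive against `gitleaks_${GITLEAKS_VERSION}_checksums.txt` downloaded from the same release URL, so it detects a truncated or corrupted download but not a replaced release asset: anyone able to swap the tarball can swap the checksums file with it. Pinning the digest in the workflow next to the version makes the pin cover the content as well as the tag: add `GITLEAKS_SHA256: <sha256-of-release-archive>` (placeholder, taken once from a reviewed release) under `env`, and replace the second `curl` and the `grep` pipeline with `echo "${GITLEAKS_SHA256}  ${archive}" | sha256sum -c -`. A short comment above `GITLEAKS_VERSION` saying that the digest must be updated together with the version would keep future bumps from silently dropping the check. Dropping `GITHUB_TOKEN` from the scan step is a good reduction in token exposure and needs no change.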
