--- name: GitLeaks check on: # yamllint disable-line rule:truthy pull_request: types: [opened, edited, reopened, synchronize] permissions: {} jobs: build: name: GitLeaks check runs-on: ubuntu-22.04 permissions: contents: read pull-requests: read packages: read statuses: write steps: - name: GitLeaks installation working-directory: /bin run: | set -e VERSION="v8.22.0" CHECKSUM="3f95fef7e361adafed2b1bb9c591ba3bc6b595b4f296b346257301b7bf04be15 gitleaks.tar.gz" wget -O "gitleaks.tar.gz" "https://github.com/gitleaks/gitleaks/releases/download/$VERSION/gitleaks_8.22.0_linux_arm64.tar.gz" echo "$CHECKSUM" | sha256sum --check tar xzf gitleaks.tar.gz chmod +x gitleaks - name: code checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 0 - name: GitLeaks check run: gitleaks git && gitleaks dir