Matouš Volf
e23e4de534
Some checks failed
actionlint check / actionlint check (pull_request) Failing after 3s
GitLeaks check / GitLeaks check (pull_request) Failing after 38s
conventional pull request title check / conventional pull request title check (pull_request) Successful in 41s
dotenv-linter check / dotenv-linter check (pull_request) Failing after 39s
hadolint check / hadolint check (pull_request) Failing after 37s
conventional commit messages check / conventional commit messages check (pull_request) Successful in 53s
htmlhint check / htmlhint check (pull_request) Successful in 56s
markdownlint check / markdownlint check (pull_request) Successful in 54s
Prettier check / Prettier check (pull_request) Successful in 30s
Rust check / Rust check (pull_request) Has been cancelled
Stylelint check / Stylelint check (pull_request) Successful in 35s
ShellCheck check / ShellCheck check (pull_request) Successful in 40s
yamllint check / yamllint check (pull_request) Successful in 46s
checkov check / checkov check (pull_request) Successful in 6m50s
50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
---
|
|
name: GitLeaks check
|
|
|
|
on: # yamllint disable-line rule:truthy
|
|
pull_request:
|
|
types: [opened, edited, reopened, synchronize]
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
build:
|
|
name: GitLeaks check
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
packages: read
|
|
statuses: write
|
|
steps:
|
|
- name: GitLeaks installation
|
|
working-directory: /bin
|
|
run: |
|
|
set -e
|
|
|
|
VERSION="8.22.0"
|
|
|
|
ARCH="$(uname -m)"
|
|
if [ "$ARCH" = "x86_64" ] || [ "$ARCH" = "amd64" ]; then
|
|
TARBALL="gitleaks_${VERSION}_linux_x64.tar.gz"
|
|
CHECKSUM="ad66410e1e0bf262f864b6837b09cfa585f6b5816164023ee64847d3f7415eed gitleaks.tar.gz"
|
|
elif [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then
|
|
TARBALL="gitleaks_${VERSION}_linux_arm64.tar.gz"
|
|
CHECKSUM="3f95fef7e361adafed2b1bb9c591ba3bc6b595b4f296b346257301b7bf04be15 gitleaks.tar.gz"
|
|
else
|
|
echo "Unsupported architecture: $ARCH" > &2
|
|
exit 1
|
|
fi
|
|
|
|
wget -O "gitleaks.tar.gz" "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/${TARBALL}"
|
|
echo "$CHECKSUM" | sha256sum --check
|
|
|
|
tar xzf gitleaks.tar.gz
|
|
chmod +x gitleaks
|
|
- name: code checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
with:
|
|
fetch-depth: 0
|
|
- name: GitLeaks check
|
|
run: gitleaks git && gitleaks dir
|