Skip to content

Workflow file for this run

name: pull-gitleaks
on:
pull_request:
types: [opened, edited, synchronize, reopened, ready_for_review]
env:
GITLEAKS_VERSION: 8.18.2
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Fetch gitleaks ${{ env.GITLEAKS_VERSION }}
run: curl -Lso gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${{ env.GITLEAKS_VERSION }}/gitleaks_${{ env.GITLEAKS_VERSION }}_linux_x64.tar.gz && tar -xvzf ./gitleaks.tar.gz
- name: Run gitleaks
# Scan commits between base and head of the pull request
run: ./gitleaks detect --log-opts=${PULL_BASE_SHA}...${PULL_HEAD_SHA} --verbose --redact -c .gitleaks.toml
env:
PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
PULL_HEAD_SHA: ${{ github.event.pull_request.head.sha }}