This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

new workflow added
insider-automation committed Dec 1, 2023
1 parent f97c4aa commit 7ffc2de
Showing 1 changed file with 7 additions and 36 deletions.
43 changes: 7 additions & 36 deletions .github/workflows/git-leak.yml
@@ -1,44 +1,15 @@
name: gitleaks
on:
pull_request:
types: [ready_for_review]
env:
GIT_DISCOVERY_ACROSS_FILESYSTEM: 1
name: Gitleaks-Action
on: [push]
jobs:
gitleaks:
build:
runs-on: self-runner-node
steps:
- name: Checkout Repository
uses: actions/checkout@v2
with:
fetch-depth: '2'
- name: Detecting new added lines
run: |
git fetch origin ${{ github.event.repository.default_branch }}
git diff origin/${{ github.event.repository.default_branch }}..HEAD --name-only | xargs git diff origin/${{ github.event.repository.default_branch }}..HEAD -- | grep '+' | sed 's/+//' | sed 's/^[ \t]*//' > new-added-lines.txt
working-directory: ${{ github.workspace }}
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: 1.16
- name: Install gitleaks
run: |
go get github.com/zricethezav/gitleaks/v7
- name: Run gitleaks
run: |
gitleaks --no-git --path ${{ github.workspace }}/new-added-lines.txt --verbose --report=${{ github.workspace }}/gitleaks-report.json
- name: Send to Lambda
if: ${{ always() }}
- name: Trigger to Gitleak
run: |
python -c '
import json,sys,requests;
try:
output=open("./gitleaks-report.json");
except IOError:
sys.exit(0);
json_result=json.loads(output.read());
github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'", "pr_number": "'${{ github.event.number }}'"};
request_json = {"gitleaks_result": json_result,"github": github_result};
requests.post("'$LambdaWebHook'", json=request_json)'
github = {"repository": "'${{ github.event.repository.name }}'", "ref": "'${{ github.ref_name }}'"};
github_request = {"insider_gitleak": github};
requests.post("'$LambdaWebHook'", json=github_request);'
env:
LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}
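
Review bot: In the `Trigger to Gitleak` step, `${{ github.ref_name }}` and `${{ github.event.repository.name }}` are expanded into the `python -c '...'` text before the shell runs, so with `on: [push]` a ref name containing a quote character changes the command that executes on `self-runner-node`. Pass both values through the step's `env:` block, the way `LambdaWebHook` already is, and read them with `os.environ` inside the script instead of splicing them into the source. The `requests.post(...)` call also has no timeout and its response is never checked; since this workflow no longer runs gitleaks itself, a webhook that is unreachable or returns an error leaves the job green with nothing scanned, so add a timeout and call `raise_for_status()` on the response. Finally, the secret is still named `CHECKMARX_LAMBDA_WEBHOOK` while the payload key is `insider_gitleak`; a secret name that matches the gitleaks use would make the workflow easier to audit.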
