chore: add gitleaks to repo (#992)

/kind chore /area ci Add gitleaks to repo
kyma-project · Apr 15, 2024 · 2a5e9c3 · 2a5e9c3
1 parent 9cb809d
commit 2a5e9c3
Show file tree

Hide file tree

Showing 2 changed files with 2,529 additions and 0 deletions.
diff --git a/.github/workflows/pull-gitleaks.yaml b/.github/workflows/pull-gitleaks.yaml
@@ -0,0 +1,23 @@
+name: pull-gitleaks
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+env:
+  GITLEAKS_VERSION: 8.18.2
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Fetch gitleaks ${{ env.GITLEAKS_VERSION }}
+        run: curl -Lso gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${{ env.GITLEAKS_VERSION }}/gitleaks_${{ env.GITLEAKS_VERSION }}_linux_x64.tar.gz && tar -xvzf ./gitleaks.tar.gz
+      - name: Run gitleaks
+        # Scan commits between base and head of the pull request
+        run: ./gitleaks detect --log-opts=${PULL_BASE_SHA}...${PULL_HEAD_SHA} --verbose --redact
+        env:
+          PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          PULL_HEAD_SHA: ${{ github.event.pull_request.head.sha }}