2

So I'm trying to run gitleaks through github-actions and using in their yaml file.

My goal is to run the gitleaks only on the last commit, means that if someone got error because having leaks in the code he need to fix that and just commit again and it will work.

Right now if i run it like it is it look on all the commits history and check that (and it's not good because if i fixed my leaks it should pass)

This is the yaml:

name: gitleaks

on: [pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: gitleaks-action with defaults
        uses: zricethezav/gitleaks-action@master
      - name: gitleaks-action with config
        uses: zricethezav/gitleaks-action@master
        with:
          config-path: .gitleaks.yml

after reading little bit i tried to use:

- uses: actions/checkout@v2
        with:
          fetch-depth: '0'

but '0' still gives me all the commits history. tried to change to 1 or 2 and now it passed anyway (also if there is leaks in the code) and i got:

time="2021-12-21T13:52:58Z" level=info msg="commits scanned: 0"

How could i make it to run only on the last commit?

Bernana
  • 245
  • 1
  • 12

2 Answers2

0

PierreBis is correct, but that command will bring no results.

You should add -p also in the --log-opts parameter. The line below should works:

gitleaks detect --source . --log-opts "-p -n 1"
João Sabino
  • 1
-1

You can use '--log-opts ' gitleaks option to set commit limite (Gitleaks doc).

So to get only the last commit, you should use '-n 1' to limit the number of commits at one.

Whole gitleaks commande looks like: gitleaks detect --source . --log-opts "-n 1"

Notes: That doesn't limit github Action but gitleaks

Notes2: That will only test diff given by last commit (i.e: result of git log -p -n 1 command)

PierreBls
  • 19
  • 5