Run github action only on last commit


So I'm trying to run gitleaks through GitHub Actions, using their YAML file.

My goal is to run gitleaks only on the last commit, meaning that if someone gets an error because of leaks in the code, he needs to fix that and just commit again and it will work.

Right now, if I run it like it is, it looks at the whole commit history and checks that (and it's not good because if I fixed my leaks it should pass).

This is the yaml:

name: gitleaks

on: [pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: gitleaks-action with defaults
        uses: zricethezav/gitleaks-action@master
      - name: gitleaks-action with config
        uses: zricethezav/gitleaks-action@master
        with:
          config-path: .gitleaks.yml

After reading a little bit I tried to use:

      - uses: actions/checkout@v2
        with:
          fetch-depth: '0'

but '0' still gives me the whole commit history. I tried to change it to 1 or 2 and now it passes anyway (also if there are leaks in the code) and I got:

time="2021-12-21T13:52:58Z" level=info msg="commits scanned: 0"

How could I make it run only on the last commit?


You can use the '--log-opts' gitleaks option to set a commit limit (Gitleaks doc).

So to get only the last commit, you should use '-n 1' to limit the number of commits to one.

The whole gitleaks command looks like: gitleaks detect --source . --log-opts "-n 1"

Note: that doesn't limit the GitHub Action, but gitleaks.

Note 2: that will only test the diff given by the last commit (i.e. the result of the git log -p -n 1 command).


PierreBis is correct, but that command will bring no results.

You should also add -p in the --log-opts parameter. The line below should work:

gitleaks detect --source . --log-opts "-p -n 1"
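Putting the two answers together into a complete pull_request workflow, as an added example that is not part of the question or either answer: it checks out the PR head commit, installs a pinned gitleaks v8 binary and runs the detect command from the last answer. The checkout `ref`, the `GITLEAKS_VERSION` value and the release asset name are assumptions made for this example; pin the version you have vetted. The `.gitleaks.toml` config path is also an assumption (gitleaks v8 uses TOML, not the `.gitleaks.yml` from the question), and the step can be run without it.

```yaml
name: gitleaks

on: [pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      # On pull_request events actions/checkout defaults to the synthetic merge ref
      # (refs/pull/N/merge). `git log -p -n 1` on that merge commit prints no diff,
      # so gitleaks would report "commits scanned: 0" style results with nothing to
      # inspect. Checking out the PR head SHA makes "-n 1" mean the last real commit.
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0   # full history; a shallow clone makes commit ranges unresolvable

      # Install a pinned gitleaks release. Version and asset name are assumptions
      # for this example; update them to the release you have verified.
      - name: Install gitleaks
        env:
          GITLEAKS_VERSION: 8.18.2
        run: |
          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
            | sudo tar -xz -C /usr/local/bin gitleaks
          gitleaks version

      # Scan only the diff introduced by the last commit, i.e. what
      # `git log -p -n 1` shows, which is what the question asks for.
      # --redact keeps any matched secret out of the Actions log.
      - name: gitleaks (last commit only)
        run: gitleaks detect --source . --config .gitleaks.toml --log-opts "-p -n 1" --verbose --redact

      # Alternative: scan every commit the PR adds rather than only the last one,
      # so a secret committed earlier in the branch and later "fixed" by a follow-up
      # commit is still caught while it remains in the branch history.
      # - name: gitleaks (all PR commits)
      #   run: gitleaks detect --source . --log-opts "-p ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}"
```

The trade-off is worth stating plainly: "-n 1" gives the developer the fast fix-and-recommit loop the question wants, but a secret added in an earlier commit of the same branch and removed in the last one stays in history and will be merged. If that matters, use the commented-out range form instead (and rotate the credential, since it has already left the developer's machine).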