fix(security-scan): resolve gitleaks version dynamically via API
The static URL gitleaks_linux_x64.tar.gz does not work as gitleaks uses versioned filenames (e.g. gitleaks_8.x.x_linux_x64.tar.gz). Fetch the latest tag via GitHub API and construct the correct URL.
This commit is contained in:
OliverGiertz
parent
431a1d2543
commit
ec14acb46e
1 changed files with 2 additions and 1 deletions
3
.github/workflows/repo-pipeline.yml
vendored
3
.github/workflows/repo-pipeline.yml
vendored
|
|
@ -146,7 +146,8 @@ jobs:
|
|||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz | tar -xz
|
||||
GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep '"tag_name"' | sed -E 's/.*"v([^"]+)".*/\1/')
|
||||
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" | tar -xz
|
||||
sudo mv gitleaks /usr/local/bin/gitleaks
|
||||
gitleaks version
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue