oliver/vanity-dev-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(security-scan): resolve gitleaks version dynamically via API

Browse source 
The static URL gitleaks_linux_x64.tar.gz does not work as gitleaks
uses versioned filenames (e.g. gitleaks_8.x.x_linux_x64.tar.gz).
Fetch the latest tag via GitHub API and construct the correct URL.
This commit is contained in:
OliverGiertz 2026-03-11 08:25:53 +00:00
parent 431a1d2543
commit ec14acb46e
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/repo-pipeline.yml vendored
View file

@ -146,7 +146,8 @@ jobs:
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz | tar -xz GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep '"tag_name"' | sed -E 's/.*"v([^"]+)".*/\1/')
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" | tar -xz
sudo mv gitleaks /usr/local/bin/gitleaks sudo mv gitleaks /usr/local/bin/gitleaks
gitleaks version gitleaks version