From 7212ba9d08957ddf33953a772871978c9374610b Mon Sep 17 00:00:00 2001
From: Steven Sklar
Date: Tue, 10 Mar 2026 12:00:02 -0400
Subject: [PATCH 1/4] Add Gitleaks secret scanning workflow
---
 .github/workflows/gitleaks.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/gitleaks.yml
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
new file mode 100644
index 0000000..5fa6466
--- /dev/null
+++ b/.github/workflows/gitleaks.yml
@@ -0,0 +1,19 @@
+name: Gitleaks
+
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+ gitleaks:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
From edd2ef0726e6e0ec9e711710f2991a0cd5d326d7 Mon Sep 17 00:00:00 2001
From: Steven Sklar
Date: Mon, 20 Apr 2026 14:08:45 -0400
Subject: [PATCH 2/4] chore(build): guard gitleaks license and pin action SHA
---
 .github/workflows/gitleaks.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 5fa6466..9a316a5 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -13,7 +13,8 @@ jobs:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
- - uses: gitleaks/gitleaks-action@v2
+ - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e
+ if: ${{ secrets.GITLEAKS_LICENSE != '' }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
From 318bd12bee9ead390e6cdc3a06d5bf94cf6fff60 Mon Sep 17 00:00:00 2001
From: Steven Sklar
Date: Mon, 20 Apr 2026 14:16:26 -0400
Subject: [PATCH 3/4] chore(build): guard gitleaks license and pin action SHA
---
 .github/workflows/gitleaks.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
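Review bot: The new workflow in patch 1/4 declares no `permissions:` key, so the `GITHUB_TOKEN` handed to the third-party `gitleaks/gitleaks-action` step runs with whatever default the repository or organization grants, which may include write scopes. Add a top-level block, `permissions:` with `contents: read`, and grant anything further explicitly (for example `pull-requests: write`, if the action's PR comments are wanted). A scanner that only reads history should not hold a token that can push or modify releases.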
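Review bot: `actions/checkout@v4`, the context line at the top of the patch 2/4 hunk, is still referenced by a mutable tag while this commit pins only `gitleaks/gitleaks-action` to a commit SHA; it runs in the same job with the same token and should be pinned the same way. The pinned SHA also has no trailing comment naming the release it corresponds to, so a reader cannot tell from the file which version is in use or notice an unexpected change; add one such as `# vX.Y.Z (placeholder: the release this SHA belongs to)`. The same applies to the replacement SHA in patch 4/4.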
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 9a316a5..2d54f05 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -9,12 +9,14 @@ on:
 jobs:
 gitleaks:
 runs-on: ubuntu-latest
+ env:
+ HAS_GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE != '' }}
 steps:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
 - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e
- if: ${{ secrets.GITLEAKS_LICENSE != '' }}
+ if: ${{ env.HAS_GITLEAKS_LICENSE == 'true' }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
From 7cd88e8247721c4aa28bbbfb53f6fb871538c4e5 Mon Sep 17 00:00:00 2001
From: Steven Sklar
Date: Mon, 20 Apr 2026 14:48:09 -0400
Subject: [PATCH 4/4] chore(build): guard gitleaks license and pin action SHA
---
 .github/workflows/gitleaks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 2d54f05..6b65310 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -15,7 +15,7 @@ jobs:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
- - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e
+ - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7
 if: ${{ env.HAS_GITLEAKS_LICENSE == 'true' }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
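Review bot: When `HAS_GITLEAKS_LICENSE` is not `'true'`, the scan step in patch 3/4 is skipped and the job still finishes green, so a passing Gitleaks check no longer means the commits were scanned. Repository secrets are not passed to workflows triggered by pull requests from forks, so this is the normal case for external contributions, which are the changes most worth scanning. Make the skip visible with a following step, `- if: ${{ env.HAS_GITLEAKS_LICENSE != 'true' }}` and `run: echo "::warning::Gitleaks scan skipped: GITLEAKS_LICENSE is not set"`, and consider failing instead on `push` to `master`, where the secret is expected to exist. It is also worth confirming that the license is required for this account type at all; if it is not, the guard turns scanning off wherever the secret is unset.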