Skip to content

PLT-765:Added sdk support for repave approval #107

PLT-765:Added sdk support for repave approval

PLT-765:Added sdk support for repave approval #107

Workflow file for this run

name: GitLeaks
on:
pull_request:
branches:
- main
workflow_dispatch: {}
jobs:
gitleaks-scan:
runs-on: ubuntu-latest
container:
image: gcr.io/spectro-common-dev/fayasa/bulwark:latest
env:
REPO: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
credentials:
username: _json_key
password: ${{ secrets.GCR_SPCD_JSON_KEY }}
steps:
- name: run-bulwark-gitleaks-scan
shell: sh
env:
BRANCH: ${{ github.head_ref || github.ref_name }}
run: /workspace/bulwark -name CodeSASTGitLeaks -target $REPO -tags "branch:$BRANCH,options:--log-opts origin..HEAD"
- name: check-result
shell: sh
run: |
resultPath=./$REPO/gitleaks.json
cat $resultPath | grep -v \"Match\"\: | grep -v \"Secret\"\:
total_failed_tests=`cat $resultPath | grep \"Fingerprint\"\: | wc -l`
if [ "$total_failed_tests" -gt 0 ]; then
echo "GitLeaks validation check failed with above findings..."
exit 1
else
echo "GitLeaks validation check passed"
fi