Fix gitleaks to use the binary directly instead of the action

tarun-etikala · tarun-etikala · commit 6606baccd7e3 · 2025-11-20T19:45:44.000-05:00
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -45,11 +45,15 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Install Gitleaks
+        run: |
+          GITLEAKS_VERSION=8.29.0
+          curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz \
+            | tar -xz gitleaks
+          sudo mv gitleaks /usr/local/bin/gitleaks
+
       - name: Run Gitleaks
-        uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+        run: gitleaks detect --source . --config .gitleaks.toml --no-banner
 
       - name: Set up Python
         uses: actions/setup-python@v5
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -15,3 +15,7 @@ paths = [
     '''\.gitleaks\.toml$''',
     '''\.secrets\.baseline$''', # used for detect-secrets
 ]
+regexes = [
+    '''"image/png": ".*"''', # Ignores base64 image strings in JSON
+    '''"hash": ".*"''',      # Ignores hashes in metadata
+]

Original file line number	Diff line number	Diff line change
`@@ -15,3 +15,7 @@ paths = [`
`15`	`15`	`'''\.gitleaks\.toml$''',`
`16`	`16`	`'''\.secrets\.baseline$''', # used for detect-secrets`
`17`	`17`	`]`
	`18`	`+regexes = [`
	`19`	`+ '''"image/png": ".*"''', # Ignores base64 image strings in JSON`
	`20`	`+ '''"hash": ".*"''', # Ignores hashes in metadata`
	`21`	`+]`