ci: scan archived tracked files for gitleaks

novatechflow · novatechflow · commit 5017258447a1 · 2026-02-11T11:45:35.000+01:00
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -24,4 +24,7 @@ jobs:
 
       - name: Run gitleaks
         run: |
-          gitleaks detect --source . --no-git --redact --exit-code 1
+          rm -rf /tmp/repo-scan
+          mkdir -p /tmp/repo-scan
+          git archive --format=tar HEAD | tar -xf - -C /tmp/repo-scan
+          gitleaks detect --source /tmp/repo-scan --no-git --redact --exit-code 1
