diff --git a/.github/workflows/bulwark-gitleaks-pr-validation.yaml b/.github/workflows/bulwark-gitleaks-pr-validation.yaml deleted file mode 100644 index 2d1f2b7d..00000000 --- a/.github/workflows/bulwark-gitleaks-pr-validation.yaml +++ /dev/null @@ -1,48 +0,0 @@ -name: BulwarkGitLeaks -on: [pull_request] - -concurrency: - group: gitleaks-${{ github.ref }} - cancel-in-progress: true - -jobs: - gitleaks-scan: - runs-on: ubuntu-latest - container: - image: gcr.io/spectro-dev-public/bulwark/gitleaks:latest - env: - REPO: ${{ github.event.repository.name }} - BRANCH: ${{ github.head_ref || github.ref_name }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITLEAKS_CONFIG: config.toml - steps: - - - name: run-bulwark-gitleaks-scan - if: github.event.pull_request.head.repo.full_name == github.repository - shell: sh - env: - BRANCH: ${{ github.head_ref || github.ref_name }} - run: /workspace/bulwark -name CodeSASTGitLeaks -target $REPO -tags "branch:$BRANCH,options:--log-opts origin..HEAD" - - - name: run-bulwark-gitleaks-scan-from-fork - if: github.event.pull_request.head.repo.full_name != github.repository - shell: sh - run: | - git clone https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git -b ${BRANCH} ${REPO} - cd ${REPO} - git remote add scRepo https://github.com/${{ github.repository }}.git - git fetch scRepo - /workspace/bulwark -name CodeSASTGitLeaks -target pwd -tags "branch:$BRANCH,options:--log-opts HEAD..scRepo/${{ github.base_ref }}" - - - name: check-result - shell: sh - run: | - resultPath=./$REPO/gitleaks.json - cat $resultPath | grep -v \"Match\"\: | grep -v \"Secret\"\: - total_failed_tests=`cat $resultPath | grep \"Fingerprint\"\: | wc -l` - if [ "$total_failed_tests" -gt 0 ]; then - echo "GitLeaks validation check failed with above findings..." - exit 1 - else - echo "GitLeaks validation check passed" - fi