Skip to content

chore(deps-dev): bump electron from 40.4.1 to 40.6.0 #556

chore(deps-dev): bump electron from 40.4.1 to 40.6.0

chore(deps-dev): bump electron from 40.4.1 to 40.6.0 #556

Workflow file for this run

name: Secrets Gate
on:
pull_request:
branches: ['main']
push:
branches: ['main']
workflow_dispatch:
permissions:
contents: read
jobs:
gitleaks:
name: Gitleaks Secret Scan
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
fetch-depth: 0
persist-credentials: false
- name: Install gitleaks
env:
GITLEAKS_VERSION: 8.24.3
run: |
set -euo pipefail
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" -o gitleaks.tar.gz
tar -xzf gitleaks.tar.gz gitleaks
chmod +x gitleaks
echo "${PWD}" >> "${GITHUB_PATH}"
- name: Determine git scan range
id: scan-range
shell: bash
run: |
set -euo pipefail
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
echo "log_opts=${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}" >> "${GITHUB_OUTPUT}"
elif [[ "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]]; then
echo "log_opts=${{ github.event.before }}..${{ github.sha }}" >> "${GITHUB_OUTPUT}"
else
echo "log_opts=${{ github.sha }}" >> "${GITHUB_OUTPUT}"
fi
- name: Scan commit range for secrets
run: |
set -euo pipefail
gitleaks git \
--redact \
--no-banner \
--exit-code 1 \
--log-opts="${{ steps.scan-range.outputs.log_opts }}" \
--report-format json \
--report-path gitleaks-report.json
- name: Upload gitleaks report
if: always()
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
with:
name: gitleaks-report
path: gitleaks-report.json
if-no-files-found: ignore
retention-days: 14