From 9e201d6d6d2caad2c22b26ef700544d00a6d0c4c Mon Sep 17 00:00:00 2001 From: Steven Sklar Date: Mon, 20 Apr 2026 14:10:10 -0400 Subject: [PATCH 1/3] chore(build): guard gitleaks license and pin action SHA --- .github/workflows/gitleaks.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 85e1b17..7b03514 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -13,7 +13,8 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: gitleaks/gitleaks-action@v2 + - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e + if: ${{ secrets.GITLEAKS_LICENSE != '' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} From 1a03eaa69738d23af3ef2e77cc626ea1a141543d Mon Sep 17 00:00:00 2001 From: Steven Sklar Date: Mon, 20 Apr 2026 14:17:50 -0400 Subject: [PATCH 2/3] chore(build): guard gitleaks license and pin action SHA --- .github/workflows/gitleaks.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 7b03514..40e997e 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -9,12 +9,14 @@ on: jobs: gitleaks: runs-on: ubuntu-latest + env: + HAS_GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE != '' }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e - if: ${{ secrets.GITLEAKS_LICENSE != '' }} + if: ${{ env.HAS_GITLEAKS_LICENSE == 'true' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} From 2b5b7024b5652156cbf9158eba5b7941b9802053 Mon Sep 17 00:00:00 2001 From: Steven Sklar Date: Mon, 20 Apr 2026 14:49:42 -0400 Subject: [PATCH 3/3] chore(build): guard gitleaks license and pin action SHA --- .github/workflows/gitleaks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 40e997e..0c023d3 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: gitleaks/gitleaks-action@83d9cd684c87d95d656c1458ef04895a7f1cbd8e + - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 if: ${{ env.HAS_GITLEAKS_LICENSE == 'true' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}