From c16ee2069f9210954d98721e2e6b2922b23c9725 Mon Sep 17 00:00:00 2001
From: ernestprovo23
Date: Sun, 28 Jun 2026 23:22:02 -0400
Subject: [PATCH] fix(ci): replace gitleaks-action (paid org license) with gitleaks CLI v8.30.1
gitleaks/gitleaks-action@v3 requires a paid GITLEAKS_LICENSE secret for org repos and was already failing CI silently. Replace with the gitleaks CLI binary (MIT, free for all repos), pinned at v8.30.1. Closes GH issue companion to DSE-72.
---
 .github/workflows/gitleaks.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 8772979..40af08c 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -7,7 +7,6 @@ on:
 permissions:
 contents: read
- pull-requests: read
 jobs:
 gitleaks:
@@ -19,7 +18,11 @@ jobs:
 with:
 fetch-depth: 0
+ - name: Install gitleaks v8.30.1
+ run: |
+ wget -q https://github.com/gitleaks/gitleaks/releases/download/v8.30.1/gitleaks_8.30.1_linux_x64.tar.gz
+ tar -xzf gitleaks_8.30.1_linux_x64.tar.gz gitleaks
+ chmod +x gitleaks
+
 - name: Scan for secrets
- uses: gitleaks/gitleaks-action@v3
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: ./gitleaks detect --source . --exit-code 1
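Review bot: The new "Install gitleaks v8.30.1" step in the second hunk unpacks and runs a binary fetched with `wget` without any integrity check, so the job trusts whatever the release URL serves at run time; the version in the URL pins a name, not the content. Record the tarball's SHA-256 in the workflow and verify it before the `tar` line, for example `echo "<SHA256_OF_gitleaks_8.30.1_linux_x64.tar.gz>  gitleaks_8.30.1_linux_x64.tar.gz" | sha256sum -c -`, where the placeholder is the digest computed once from a download you have verified. If `--verbose` is later added to the scan step to show findings, pair it with `--redact` so matched secrets are not printed into the job log. The job's earlier steps lie outside the hunk, so how the checkout action is pinned cannot be checked here.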