fix: force clone full commits history in gitleaks complete analysis

0b2c51ef · Bertrand Goareguer · Pierre SMEYERS · 913eb40c · 0b2c51ef · 0b2c51ef
Commit 0b2c51ef authored 3 years ago by Bertrand Goareguer Committed by Pierre SMEYERS 3 years ago
--- a/README.md
+++ b/README.md
@@ -27,4 +27,5 @@ They use the following configuration.
 | `GITLEAKS_IMAGE`      | The Docker image used to run Gitleaks  | `zricethezav/gitleaks:latest` |
 | `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project) | _none_ (uses default rules) |
 | `GITLEAKS_ARGS`       | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
-| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose --depth=10` _(audit on the current branch with a depth of 10)_ |
+| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose` _(audit on the current branch)_ |
+| `GITLEAKS_QUICK_DEPTH` | Number of commits to scan (on feature branches) | `10` | 
--- a/kicker.json
+++ b/kicker.json
@@ -23,7 +23,14 @@
    {
      "name": "GITLEAKS_QUICK_ARGS",
      "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches)",
-      "default": "--verbose --depth=10",
+      "default": "--verbose",
+      "advanced": true
+    },
+    {
+      "name": "GITLEAKS_QUICK_DEPTH",
+      "description": "Number of commits to scan (on feature branches)",
+      "type": "number",
+      "default": "10",
      "advanced": true
    }
  ]

--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -17,7 +17,8 @@ variables:
  # Default Docker image (can be overriden)
  GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
  GITLEAKS_ARGS: "--verbose"
-  GITLEAKS_QUICK_ARGS: "--verbose --depth=10"
+  GITLEAKS_QUICK_DEPTH: "10"
+  GITLEAKS_QUICK_ARGS: "--verbose"
  # default production ref name (pattern)
  PROD_REF: '/^master$/'
  # default integration ref name (pattern)
@@ -200,6 +201,8 @@ gitleaks:
    - name: "$CI_REGISTRY/orange-opensource/tbc/tools/tracking:master"
      command: ["--service", "gitleaks", "1.1.0"]
  stage: test
+  variables:
+    GIT_DEPTH: 0
  before_script:
    - *gitleaks-scripts
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -222,8 +225,10 @@ gitleaks:
 # quick analysis on dev branches
 gitleaks-quick:
  extends: gitleaks
+  variables:
+    GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"
  script:
-    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json $GITLEAKS_QUICK_ARGS
+    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json --depth=${GITLEAKS_QUICK_DEPTH} $GITLEAKS_QUICK_ARGS
  rules:
    # exclude merge requests
    - if: $CI_MERGE_REQUEST_ID