From 0b2c51ef5d9cbb2794073939c2c18e9a457e5b66 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Fri, 4 Jun 2021 14:44:15 +0000
Subject: [PATCH] fix: force clone full commits history in gitleaks complete
 analysis

---
 README.md                        | 3 ++-
 kicker.json                      | 9 ++++++++-
 templates/gitlab-ci-gitleaks.yml | 9 +++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index a4949f8..edfff68 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,5 @@ They use the following configuration.
 | `GITLEAKS_IMAGE`      | The Docker image used to run Gitleaks  | `zricethezav/gitleaks:latest` |
 | `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project) | _none_ (uses default rules) |
 | `GITLEAKS_ARGS`       | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
-| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose --depth=10` _(audit on the current branch with a depth of 10)_ |
+| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose` _(audit on the current branch)_ |
+| `GITLEAKS_QUICK_DEPTH` | Number of commits to scan (on feature branches) | `10` | 
diff --git a/kicker.json b/kicker.json
index fe89c77..75b2ba4 100644
--- a/kicker.json
+++ b/kicker.json
@@ -23,7 +23,14 @@
     {
       "name": "GITLEAKS_QUICK_ARGS",
       "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches)",
-      "default": "--verbose --depth=10",
+      "default": "--verbose",
+      "advanced": true
+    },
+    {
+      "name": "GITLEAKS_QUICK_DEPTH",
+      "description": "Number of commits to scan (on feature branches)",
+      "type": "number",
+      "default": "10",
       "advanced": true
     }
   ]
diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 20609ce..722cfec 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -17,7 +17,8 @@ variables:
   # Default Docker image (can be overriden)
   GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
   GITLEAKS_ARGS: "--verbose"
-  GITLEAKS_QUICK_ARGS: "--verbose --depth=10"
+  GITLEAKS_QUICK_DEPTH: "10"
+  GITLEAKS_QUICK_ARGS: "--verbose"
   # default production ref name (pattern)
   PROD_REF: '/^master$/'
   # default integration ref name (pattern)
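Review bot: `GITLEAKS_QUICK_DEPTH` is added without a comment, although it now drives two things in `gitleaks-quick`: the clone depth (`GIT_DEPTH`) and the gitleaks `--depth` option. A line above it such as `# number of commits cloned and scanned by the quick analysis (feature branches)` would make that coupling visible to anyone overriding it. The `variables:` block starts and ends outside the hunk.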
@@ -200,6 +201,8 @@ gitleaks:
     - name: "$CI_REGISTRY/orange-opensource/tbc/tools/tracking:master"
       command: ["--service", "gitleaks", "1.1.0"]
   stage: test
+  variables:
+    GIT_DEPTH: 0
   before_script:
     - *gitleaks-scripts
     - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
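Review bot: `GIT_DEPTH: 0` is a bare integer while the other variables in this template are quoted strings, and nothing on the job says why a full clone is needed. I would write `GIT_DEPTH: "0"` with a comment like `# full clone: a shallow clone would hide older commits from the complete analysis`. A `GIT_DEPTH` defined in the project's CI/CD settings probably takes precedence over this job-level value, in which case the complete scan would silently run on a truncated history. If git is available in the image, the script could check `git rev-parse --is-shallow-repository` and fail or warn when it prints `true`. The job's `script:` continues outside the hunk.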
@@ -222,8 +225,10 @@ gitleaks:
 # quick analysis on dev branches
 gitleaks-quick:
   extends: gitleaks
+  variables:
+    GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"
   script:
-    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json $GITLEAKS_QUICK_ARGS
+    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json --depth=${GITLEAKS_QUICK_DEPTH} $GITLEAKS_QUICK_ARGS
   rules:
     # exclude merge requests
     - if: $CI_MERGE_REQUEST_ID
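Review bot: Projects that already override `GITLEAKS_QUICK_ARGS` with their own `--depth=N` will now pass two `--depth` options on the `script:` line, and the clone is capped at `GITLEAKS_QUICK_DEPTH` (default 10). With N greater than 10 the quick scan would cover fewer commits than the project configured, with no error; which of the two options gitleaks keeps is not visible here. The README row for `GITLEAKS_QUICK_ARGS` should say that depth is now set only through `GITLEAKS_QUICK_DEPTH`. Separately, `--depth=${GITLEAKS_QUICK_DEPTH}` collapses to a bare `--depth=` when the variable is overridden with an empty value; `--depth=${GITLEAKS_QUICK_DEPTH:-10}` keeps the command well-formed. The `rules:` block continues outside the hunk.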
-- 
GitLab