Skip to content
Snippets Groups Projects
Commit 0ed44f1c authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

fix: analyse branch or MR commits only 

- in a branch: only analyse this branch commits
- in a MR: only analyse commits withing the MR
parent 1fcbb5b2
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
templates/gitlab-ci-gitleaks.yml
+ 11
1
View file @ 0ed44f1c
...@@ -233,7 +233,17 @@ gitleaks: ...@@ -233,7 +233,17 @@ gitleaks:
- install_gitleaks_rules - install_gitleaks_rules
- git config --global --add safe.directory "${CI_PROJECT_DIR}" - git config --global --add safe.directory "${CI_PROJECT_DIR}"
script: script:
- gitleaks git ${TRACE+--log-level debug} $gitleaks_rule_opts --report-path reports/gitleaks.native.json $GITLEAKS_ARGS . - |
log_opts=""
if [[ "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]]
then
log_info "Merge Request only analysis (\\e[33;1m${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}\\e[0m)"
log_opts="${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}"
else
log_info "Full branch analysis (\\e[33;1m${CI_COMMIT_SHA}\\e[0m and ancestors)"
log_opts="${CI_COMMIT_SHA}"
fi
- gitleaks git ${TRACE+--log-level debug} $gitleaks_rule_opts --log-opts "$log_opts" --report-path reports/gitleaks.native.json $GITLEAKS_ARGS .
artifacts: artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always when: always
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment