diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 9b1005e01287ef9c8d07a875a3b1bfd011ef7d64..b4ae879bfb35140de9e59ba3a253b471345053e3 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -13,6 +13,14 @@
 # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
 # Floor, Boston, MA 02110-1301, USA.
 # =========================================================================================
+# default workflow rules
+workflow:
+ rules:
+ # exclude merge requests
+ - if: $CI_MERGE_REQUEST_ID
+ when: never
+ - when: always
+
 variables:
 # variabilized tracking image
 TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
@@ -202,9 +210,6 @@ gitleaks:
 paths:
 - gitleaks/
 rules:
- # exclude merge requests
- - if: $CI_MERGE_REQUEST_ID
- when: never
 # on production and integration branch(es)
 - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF'
@@ -216,9 +221,6 @@ gitleaks-quick:
 script:
 - gitleaks detect ${TRACE+--log-level debug} --source . $gitleaks_rule_opts --report-path ./gitleaks/gitleaks-report.json --log-opts="-n ${GITLEAKS_QUICK_DEPTH}" $GITLEAKS_QUICK_ARGS
 rules:
- # exclude merge requests
- - if: $CI_MERGE_REQUEST_ID
- when: never
 # only on non-production, non-integration branches
 - if: '$CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
 allow_failure: true
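Review bot: The `workflow:` block added at the top of the template is a pipeline-wide key, so the merge-request exclusion no longer travels with the secret-scan jobs; the later hunks delete the same `if: $CI_MERGE_REQUEST_ID` / `when: never` rule from `gitleaks` and `gitleaks-quick`. GitLab deep-merges included mappings but, as far as I know, replaces arrays such as `rules`, so a project or another included template that defines its own `workflow:rules` would drop this exclusion and both jobs would then also match merge request pipelines. In the other direction, including this template now disables merge request pipelines for every job in the project, not only for gitleaks. I would say so in the comment, for example `# default workflow rules: pipeline-wide, replaced as a whole if the project defines workflow:rules`, or keep the job-level exclusions as a fallback.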