Commit 9a01dbf8 authored by Cédric OLIVIER's avatar Cédric OLIVIER

Merge branch '12-source_owned_by_someone_else' into 'master'

fix: add build dir in safe.directory

Closes #12

See merge request to-be-continuous/gitleaks!19
parents 31d53f22 3271704f
# ========================================================================================= # =========================================================================================
# Copyright (C) 2021 Orange & contributors # Copyright (C) 2021 Orange & contributors
# #
# This program is free software; you can redistribute it and/or modify it under the terms # This program is free software; you can redistribute it and/or modify it under the terms
# of the GNU Lesser General Public License as published by the Free Software Foundation; # of the GNU Lesser General Public License as published by the Free Software Foundation;
# either version 3 of the License, or (at your option) any later version. # either version 3 of the License, or (at your option) any later version.
# #
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Lesser General Public License for more details. # See the GNU Lesser General Public License for more details.
# #
# You should have received a copy of the GNU Lesser General Public License along with this # You should have received a copy of the GNU Lesser General Public License along with this
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA. # Floor, Boston, MA 02110-1301, USA.
# ========================================================================================= # =========================================================================================
variables: variables:
...@@ -18,7 +18,7 @@ variables: ...@@ -18,7 +18,7 @@ variables:
GITLEAKS_IMAGE: "zricethezav/gitleaks:latest" GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
GITLEAKS_ARGS: "--verbose" GITLEAKS_ARGS: "--verbose"
GITLEAKS_QUICK_DEPTH: "10" GITLEAKS_QUICK_DEPTH: "10"
GITLEAKS_QUICK_ARGS: "--verbose" GITLEAKS_QUICK_ARGS: "--verbose"
# default production ref name (pattern) # default production ref name (pattern)
PROD_REF: '/^(master|main)$/' PROD_REF: '/^(master|main)$/'
...@@ -93,8 +93,8 @@ stages: ...@@ -93,8 +93,8 @@ stages:
_test_op=$(echo "$_fields" | cut -d: -f5) _test_op=$(echo "$_fields" | cut -d: -f5)
case "$_test_op" in case "$_test_op" in
defined) defined)
if [[ -z "$_not" ]] && [[ -z "$_cond_val" ]]; then continue; if [[ -z "$_not" ]] && [[ -z "$_cond_val" ]]; then continue;
elif [[ "$_not" ]] && [[ "$_cond_val" ]]; then continue; elif [[ "$_not" ]] && [[ "$_cond_val" ]]; then continue;
fi fi
;; ;;
equals|startswith|endswith|contains|in|equals_ic|startswith_ic|endswith_ic|contains_ic|in_ic) equals|startswith|endswith|contains|in|equals_ic|startswith_ic|endswith_ic|contains_ic|in_ic)
...@@ -113,28 +113,28 @@ stages: ...@@ -113,28 +113,28 @@ stages:
fi fi
case "$_test_op" in case "$_test_op" in
equals*) equals*)
if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val" ]]; then continue; if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val" ]]; then continue;
elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val" ]]; then continue; elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val" ]]; then continue;
fi fi
;; ;;
startswith*) startswith*)
if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val"* ]]; then continue; if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val"* ]]; then continue;
elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val"* ]]; then continue; elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val"* ]]; then continue;
fi fi
;; ;;
endswith*) endswith*)
if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val" ]]; then continue; if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val" ]]; then continue;
elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val" ]]; then continue; elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val" ]]; then continue;
fi fi
;; ;;
contains*) contains*)
if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val"* ]]; then continue; if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val"* ]]; then continue;
elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val"* ]]; then continue; elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val"* ]]; then continue;
fi fi
;; ;;
in*) in*)
if [[ -z "$_not" ]] && [[ "__${_cmp_val}__" != *"__${_cond_val}__"* ]]; then continue; if [[ -z "$_not" ]] && [[ "__${_cmp_val}__" != *"__${_cond_val}__"* ]]; then continue;
elif [[ "$_not" ]] && [[ "__${_cmp_val}__" == *"__${_cond_val}__"* ]]; then continue; elif [[ "$_not" ]] && [[ "__${_cmp_val}__" == *"__${_cond_val}__"* ]]; then continue;
fi fi
;; ;;
esac esac
...@@ -209,6 +209,7 @@ gitleaks: ...@@ -209,6 +209,7 @@ gitleaks:
- install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}" - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- mkdir -p ./gitleaks - mkdir -p ./gitleaks
- install_gitleaks_rules - install_gitleaks_rules
- git config --global --add safe.directory "${CI_PROJECT_DIR}"
script: script:
- gitleaks detect ${TRACE+--log-level debug} --source . $gitleaks_rule_opts --report-path ./gitleaks/gitleaks-report.json $GITLEAKS_ARGS - gitleaks detect ${TRACE+--log-level debug} --source . $gitleaks_rule_opts --report-path ./gitleaks/gitleaks-report.json $GITLEAKS_ARGS
artifacts: artifacts:
......
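Review bot: The added `git config --global --add safe.directory "${CI_PROJECT_DIR}"` line in the `gitleaks` job's before_script carries no comment, although it exempts the checkout from Git's repository-ownership check, so the reason should be recorded next to it. I would put `# checkout is owned by the runner's user, not the job's user: trust this one path only, so the git calls made during the scan accept it` directly above it. Scoping the exemption to `${CI_PROJECT_DIR}` rather than `*` keeps the check active for every other path and should stay that way. `--global` writes to the job user's `~/.gitconfig`, so the step presumably fails when the image runs with an unset or read-only HOME; that is worth checking against the images this template supports. If the quick-scan job implied by `GITLEAKS_QUICK_ARGS` defines its own before_script it needs the same line, but that job lies outside the visible hunks.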