torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refine gitleaks download and extraction process in code analysis workflow by implementing dynamic asset URL retrieval, enhanced error handling for invalid downloads, and improved extraction methods.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 3m16s
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-12-20 15:22:30 +01:00
parent dd21174f1d
commit 9e5ccbe8a3
1 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
.gitea/workflows/code-analysis.yml
View File

@@ -43,12 +43,31 @@ jobs:
- name: gitleaks (Secrets Scanning)
run: |
curl -sSL -L https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz -o gitleaks.tar.gz
if [ ! -s gitleaks.tar.gz ] || file gitleaks.tar.gz | grep -q "HTML"; then
echo "Error: Downloaded file is not a valid archive"
# Try to get the latest release asset URL
ASSET_URL=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep -o '"browser_download_url": "[^"]*linux_x64[^"]*"' | head -1 | cut -d'"' -f4)
if [ -z "$ASSET_URL" ]; then
# Fallback: construct URL manually
VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
ASSET_URL="https://github.com/gitleaks/gitleaks/releases/download/${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz"
fi
echo "Downloading from: $ASSET_URL"
curl -sSL -L "$ASSET_URL" -o gitleaks.tar.gz
# Check if download was successful and file is not HTML
if [ ! -s gitleaks.tar.gz ] || head -1 gitleaks.tar.gz | grep -q "<!DOCTYPE html"; then
echo "Error: Downloaded file is not a valid archive (might be HTML page)"
head -5 gitleaks.tar.gz
exit 1
fi
# Try different extraction methods
if tar -tzf gitleaks.tar.gz >/dev/null 2>&1; then
tar -xzf gitleaks.tar.gz
elif tar -tf gitleaks.tar.gz >/dev/null 2>&1; then
tar -xf gitleaks.tar.gz
else
echo "Error: Cannot extract archive. File type:"
file gitleaks.tar.gz
exit 1
fi
tar -xzf gitleaks.tar.gz 2>/dev/null || tar -xf gitleaks.tar.gz || (echo "Failed to extract archive" && exit 1)
chmod +x gitleaks
./gitleaks detect --source . --no-git --redact --exit-code 1
rm -f gitleaks.tar.gz