From dd21174f1d310bb2ef4070ba2cca22eca161a4c0 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Sat, 20 Dec 2025 15:12:27 +0100
Subject: [PATCH] Improve gitleaks download process in code analysis workflow by adding error handling for invalid downloads and ensuring proper extraction of the archive.

---
 .gitea/workflows/code-analysis.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/code-analysis.yml b/.gitea/workflows/code-analysis.yml
index f8c6d30..3ea5a8a 100644
--- a/.gitea/workflows/code-analysis.yml
+++ b/.gitea/workflows/code-analysis.yml
@@ -43,6 +43,12 @@ jobs:
 - name: gitleaks (Secrets Scanning)
 run: |
- curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz \
- | tar -xz gitleaks
+ curl -sSL -L https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz -o gitleaks.tar.gz
+ if [ ! -s gitleaks.tar.gz ] || file gitleaks.tar.gz | grep -q "HTML"; then
+ echo "Error: Downloaded file is not a valid archive"
+ exit 1
+ fi
+ tar -xzf gitleaks.tar.gz 2>/dev/null || tar -xf gitleaks.tar.gz || (echo "Failed to extract archive" && exit 1)
+ chmod +x gitleaks
 ./gitleaks detect --source . --no-git --redact --exit-code 1
+ rm -f gitleaks.tar.gz
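Review bot: The added `curl` line still fetches an unpinned `latest` release and the new `if` block only checks that the download is non-empty and not HTML, so whatever binary the URL serves is executed in CI with no integrity check; pin a release tag instead of `latest` and verify the archive against the checksum the release publishes before the `tar` line, e.g. `echo "<EXPECTED_SHA256>  gitleaks.tar.gz" | sha256sum -c -` (constructed placeholder). Adding `-f` to curl (`curl -fsSL ... -o gitleaks.tar.gz`) makes HTTP error responses fail the step outright rather than relying on `file | grep -q "HTML"`, which silently passes if the runner image lacks `file` because the failed pipeline just makes the condition false; the `-L` in `-sSL -L` is also redundant. The `tar -xf` fallback extracts the whole archive into the workspace rather than only `gitleaks` as the removed line did, and the final `rm -f` cleans up only the tarball, so the extracted files remain under `--source .` for the scan. The step body may continue past the visible lines of this hunk.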