Improve gitleaks download process in code analysis workflow by adding error handling for invalid downloads and ensuring proper extraction of the archive.

.gitea/workflows/code-analysis.yml

@@ -43,6 +43,12 @@ jobs:
 
       - name: gitleaks (Secrets Scanning)
         run: |
-          curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz \
-            | tar -xz gitleaks
+          curl -sSL -L https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz -o gitleaks.tar.gz
+          if [ ! -s gitleaks.tar.gz ] || file gitleaks.tar.gz | grep -q "HTML"; then
+            echo "Error: Downloaded file is not a valid archive"
+            exit 1
+          fi
+          tar -xzf gitleaks.tar.gz 2>/dev/null || tar -xf gitleaks.tar.gz || (echo "Failed to extract archive" && exit 1)
+          chmod +x gitleaks
           ./gitleaks detect --source . --no-git --redact --exit-code 1
+          rm -f gitleaks.tar.gz