From 180efcdff73d15a59655b3286695afe432689f62 Mon Sep 17 00:00:00 2001
From: Jesse Freitas
Date: Fri, 24 Apr 2026 08:46:32 -0300
Subject: [PATCH] =?UTF-8?q?ci:=20gitleaks=20--no-git=20(scan=20s=C3=B3=20w?=
 =?UTF-8?q?orking=20tree,=20n=C3=A3o=20hist=C3=B3rico)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5b1090f..780af65 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -54,8 +54,8 @@ jobs:
 "https://github.com/zricethezav/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz"
 tar -xzf /tmp/gitleaks.tar.gz -C /tmp
 sudo mv /tmp/gitleaks /usr/local/bin/gitleaks
- - name: Scan full repository
- run: gitleaks detect --source . --redact --verbose --exit-code 1
+ - name: Scan working tree (prevent NEW leaks)
+ run: gitleaks detect --source . --no-git --redact --verbose --exit-code 1
 # CodeQL: desabilitado em repo private sem GitHub Advanced Security addon.
 # Reativar quando repo tornar-se público ou GHAS for contratado.
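Review bot: With `--no-git` on the new `run:` line, gitleaks reads only the files present in the checkout, so a secret that is committed and then deleted in a later commit of the same push or pull request never reaches the scan while remaining retrievable from history; the step name "prevent NEW leaks" promises more than this covers. To stop failing on old findings without losing that coverage, scan the pushed commit range instead, e.g. `run: gitleaks detect --source . --log-opts="<base-sha>..<head-sha>" --redact --verbose --exit-code 1` (placeholders for the event's base and head commits), or keep the full-history scan and pass a reviewed `--baseline-path <report.json>`. A range scan needs the checkout step to fetch enough history, which is not visible in this hunk. Any historic findings that prompted this change presumably still need rotation, since dropping them from the scan does not invalidate them.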