From 970d8dabd848db372680bdb68f1eebc48fe2fd14 Mon Sep 17 00:00:00 2001
From: Jesse Freitas
Date: Fri, 24 Apr 2026 08:36:46 -0300
Subject: [PATCH] ci: fix gitleaks (first push) + desabilitar CodeQL em repo private
---
 .github/workflows/ci.yml | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 95f8eae..5b1090f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -47,22 +47,27 @@ jobs:
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0
- - name: Run gitleaks
- uses: gitleaks/gitleaks-action@v2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Install gitleaks CLI
+ run: |
+ GL_VERSION=8.24.3
+ curl -sSL -o /tmp/gitleaks.tar.gz \
+ "https://github.com/zricethezav/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz"
+ tar -xzf /tmp/gitleaks.tar.gz -C /tmp
+ sudo mv /tmp/gitleaks /usr/local/bin/gitleaks
+ - name: Scan full repository
+ run: gitleaks detect --source . --redact --verbose --exit-code 1
- codeql:
- name: CodeQL
- runs-on: ubuntu-latest
- permissions:
- security-events: write
- steps:
- - uses: actions/checkout@v4
- - uses: github/codeql-action/init@v3
- with:
- languages: javascript, python
- - uses: github/codeql-action/analyze@v3
+ # CodeQL: desabilitado em repo private sem GitHub Advanced Security addon.
+ # Reativar quando repo tornar-se público ou GHAS for contratado.
+ # codeql:
+ # name: CodeQL
+ # runs-on: ubuntu-latest
+ # permissions: { security-events: write }
+ # steps:
+ # - uses: actions/checkout@v4
+ # - uses: github/codeql-action/init@v3
+ # with: { languages: javascript, python }
+ # - uses: github/codeql-action/analyze@v3
 bench:
 name: Benchmark (informational)
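Review bot: The `Install gitleaks CLI` step unpacks the downloaded tarball and moves the binary into `/usr/local/bin` with sudo without verifying it, so the secret-scanning gate is only as trustworthy as whatever that URL serves at run time. Pin the expected digest next to the version and check it before `tar`: add `GL_SHA256=<sha256 of the release tarball - placeholder>` and `echo "${GL_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c -`. Use `curl -fsSL` as well, so an HTTP error fails at the download instead of at extraction. The URL also points at `zricethezav/gitleaks`, while the action removed in this hunk lived under the `gitleaks` org; if that path only resolves through a GitHub rename redirect, fetch from the canonical repository instead.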