Commit 7f2fa244 authored by Clement Bois's avatar Clement Bois
Browse files

Merge branch 'fix/mr-analysis' into 'master' 

fix: analyse branch or MR commits only

Closes #20 and #22

See merge request to-be-continuous/gitleaks!58
parents dc34b6e7 0ed44f1c

templates/gitlab-ci-gitleaks.yml

+12 −2
Original line number Diff line number Diff line
@@ -215,7 +215,7 @@ stages: 


  # ENDSCRIPT



# full analysis on master and develop branches

# full analysis on main/master and develop branches

gitleaks:

  image:

    name: $GITLEAKS_IMAGE
@@ -233,7 +233,17 @@ gitleaks: 
    - install_gitleaks_rules

    - git config --global --add safe.directory "${CI_PROJECT_DIR}"

  script:

    - gitleaks git ${TRACE+--log-level debug} $gitleaks_rule_opts --report-path reports/gitleaks.native.json $GITLEAKS_ARGS .

    - |

      log_opts=""

      if [[ "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]]

      then

        log_info "Merge Request only analysis (\\e[33;1m${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}\\e[0m)"

        log_opts="${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}"

      else

        log_info "Full branch analysis (\\e[33;1m${CI_COMMIT_SHA}\\e[0m and ancestors)"

        log_opts="${CI_COMMIT_SHA}"

      fi

    - gitleaks git ${TRACE+--log-level debug} $gitleaks_rule_opts --log-opts "$log_opts" --report-path reports/gitleaks.native.json $GITLEAKS_ARGS .

  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    when: always