Closed ccostino closed 2 years ago
Version pinning generally doesn't work with brew -- so we'd need to specify a release from GitHub downloads. This could be OK as we could then also checksum the file (or check the signature, if there is one).

If we install outside of brew, it'd also mean we can install caulking without admin rights on our machines, which is a huge plus, IMO.
FYI that `gitleaks` is now at 8.1.1. It's also looking like this might be more critical to fix given that this has to work for us, and the next time anyone runs an install of it it's going to pull the latest version, breaking the caulking script. I now can't commit with it installed, for instance.
I think I have this mostly worked out for downloading the 7.6.1 release from GitHub, but I am unsure of the checksum or signature checking part. @pburkholder I can start a draft PR with what I have so far to work off of, or if you have time to pair a bit on this I'd appreciate it. Thanks!
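The download-and-checksum step the two comments above describe, written out as an added example (this is not caulking's installer or any code from the project): fetch a pinned `gitleaks` release from GitHub into a user-writable directory so no admin rights are needed, and refuse to unpack it unless its SHA-256 matches a value pinned next to the version. The release URL layout, the asset file name, and the assumption that the tarball carries a top-level `gitleaks` binary are all assumptions to confirm against the releases page for the chosen version; the expected hash is a placeholder to copy from there.

```shell
#!/bin/sh
# Added example, not caulking's own code: install a pinned gitleaks release from
# GitHub instead of brew, verifying its SHA-256 before unpacking.
# ASSUMPTIONS: release URL layout, asset name, and a top-level "gitleaks" member
# in the tarball. GITLEAKS_SHA256 is a PLACEHOLDER to fill from the release page.

GITLEAKS_VERSION="7.6.1"   # the version the thread proposes pinning to
GITLEAKS_ASSET="gitleaks_${GITLEAKS_VERSION}_darwin_x64.tar.gz"   # assumed asset name
GITLEAKS_URL="https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/${GITLEAKS_ASSET}"
GITLEAKS_SHA256="<pinned sha256 of the asset, copied from the release page>"   # placeholder

# Print the SHA-256 of a file using whichever tool the host has
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the file's digest equals the expected one, 1 otherwise.
# Comparison is case-insensitive so a copy-pasted uppercase hash still matches.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download the pinned asset, verify it, then unpack into a user-writable
# directory (default ~/.local/bin). Only runs when explicitly asked for.
install_pinned_gitleaks() {
    dest="${1:-$HOME/.local/bin}"
    tmp=$(mktemp -d)
    curl -fsSL -o "$tmp/$GITLEAKS_ASSET" "$GITLEAKS_URL"
    if ! verify_sha256 "$tmp/$GITLEAKS_ASSET" "$GITLEAKS_SHA256"; then
        echo "checksum mismatch for $GITLEAKS_ASSET; refusing to install" >&2
        rm -rf "$tmp"
        return 1
    fi
    mkdir -p "$dest"
    tar -xzf "$tmp/$GITLEAKS_ASSET" -C "$dest" gitleaks   # assumed member name
    rm -rf "$tmp"
    echo "installed gitleaks $GITLEAKS_VERSION to $dest"
}

# Offline self-check on a constructed file: the SHA-256 of "hello\n" is known,
# so the correct pin must pass and a wrong expectation must fail.
selfcheck() {
    f=$(mktemp)
    printf 'hello\n' > "$f"
    good="5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
    bad="0000000000000000000000000000000000000000000000000000000000000000"
    if ! verify_sha256 "$f" "$good"; then rm -f "$f"; return 1; fi
    if verify_sha256 "$f" "$bad"; then rm -f "$f"; return 1; fi
    rm -f "$f"
    return 0
}

# Usage: sh install.sh install [destdir]   (plain "sh install.sh" only self-checks)
if [ "${1:-}" = "install" ]; then
    install_pinned_gitleaks "$2"
else
    selfcheck
fi
```

The pinned hash lives in the script next to the pinned version, so bumping `gitleaks` is a deliberate two-line change that goes through review, rather than whatever `brew` happens to resolve on the day someone reinstalls.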
I did start some preliminary work to get things working with the latest release and I think I figured out that path forward as well, but it looks like a lot of the tests will need to be updated, or some other config option(s) toggled that I missed and am unaware of.
A PR is now in place! Thanks, @pburkholder.
PR is merged! We'll revisit `gitleaks` in the near future to get it fully updated.
A new version of `gitleaks` has been released to bring it to version 8.0.0 (now at 8.1.1 at the time of this writing), which brings some breaking changes with it to our current setup.

Specifically, when I go to commit a series of changes now, `gitleaks` will error out due to an unknown flag, `--unstaged`. This flag was removed in the newest versions of the tool and appears to have been replaced/incorporated into a new `protect` subcommand.

It looks like the line we need to change is line 17 in our pre-commit shell script, but I suspect we'll have to do a bit more than just swap a flag with a subcommand. It looks like some of the flags/options may have changed as well according to the Usage section of the README in the latest release.

It also looks like the new version (`8.1.1`) ignores `gitleaks.toml` by default; I'm not sure if this will have any impact, either, since I see it referenced in our script as well.

The alternative is to pin our version again to a known working version for us (I believe that would be `7.6.1` - though it looks like we try and pin to `7.2.1`) until we have time to come back to this.
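An added example of the pre-commit change this issue asks for (my own sketch, not caulking's actual pre-commit script): the hook reads the installed `gitleaks` version and picks the 7.x `--unstaged` flag or the 8.x `protect` subcommand accordingly, and passes the config file explicitly so the 8.x default of ignoring `gitleaks.toml` cannot silently drop the rules. Beyond `--unstaged` and `protect`, which the issue names, everything here is an assumption to confirm against the Usage section of the installed release's README: that 8.x accepts `--staged` and `--config`, that 7.x accepts `--config-path`, that `gitleaks version` (8.x) or `gitleaks --version` (7.x) prints the version, and the config path itself.

```shell
#!/bin/sh
# Added example, not caulking's pre-commit script: a hook that works with both
# the pinned 7.x gitleaks and the 8.x line. 7.x scans with --unstaged; 8.x
# replaced that with the `protect` subcommand.
# ASSUMPTIONS to check against the release README: 8.x takes --staged/--config,
# 7.x takes --config-path, and `gitleaks version` / `gitleaks --version`
# print the version. The default config path below is also assumed.

CONFIG="${GITLEAKS_CONFIG_PATH:-$HOME/.git-support/gitleaks.toml}"   # assumed location

# Extract the major version from whatever the binary printed: "v8.1.1",
# "8.1.1" and "gitleaks version 7.6.1" yield "8", "8" and "7".
gitleaks_major() {
    v=$(printf '%s' "$1" | sed 's/^[^0-9]*//')   # drop any leading "v" or words
    printf '%s\n' "${v%%.*}"                      # keep text before the first dot
}

# Build the scan arguments for a given version string. The config file is
# passed explicitly in both cases so nothing relies on auto-discovery.
gitleaks_scan_args() {
    case "$(gitleaks_major "$1")" in
        7) printf '%s' "--unstaged --config-path=$CONFIG --verbose --redact" ;;
        *) printf '%s' "protect --staged --config=$CONFIG --verbose --redact" ;;
    esac
}

# Run the scan and block the commit on findings (non-zero exit) or on a
# missing binary, so a broken install fails closed rather than silently.
run_hook() {
    if ! command -v gitleaks >/dev/null 2>&1; then
        echo "gitleaks is not installed; refusing to commit" >&2
        return 1
    fi
    ver=$(gitleaks version 2>/dev/null || gitleaks --version 2>/dev/null)
    # shellcheck disable=SC2046  (word splitting of the argument string is intended)
    if gitleaks $(gitleaks_scan_args "$ver"); then
        return 0
    fi
    echo "gitleaks reported possible secrets in the staged changes; commit aborted" >&2
    return 1
}

# Usage as a hook: copy to .git/hooks/pre-commit and replace the last line
# with "run_hook". Invoked as "sh hook.sh run" it behaves the same way.
if [ "${1:-}" = "run" ]; then
    run_hook
fi
```

Failing closed when the binary is missing matters here: the original breakage surfaced only because `gitleaks` errored on an unknown flag, and a hook that silently succeeds when the scanner is absent or misconfigured is worse than one that refuses the commit.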