gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action
https://gitleaks.io

Gitleaks Summary Generated URLs Broken #121

Open Tjhayhay opened 1 year ago

Tjhayhay commented 1 year ago

Heyo!

The gitleaks summary is generating URLs that are broken for all my private Org repos, for all workflow event types.

The URL generated is, for example, https://github.com///actions/runs/undefined/commit/21f3bb48c90c82c688feb801ed5d539a6472273b

If I take out the "actions/runs/undefined" part of the URL, it seems to at least land on the commit page.

Any ideas what's happening here?

It seems odd because the URL seems like it should be created based off eventJSON.repository.html_url, and when I view that in the pipeline it looks correct, without the actions/runs/undefined bit added.

acidghost commented 2 weeks ago

The URL is taken from https://github.com/gitleaks/gitleaks-action/blob/dea2b736fc4e90483f46e5bcbf998590c5742789/src/summary.js#L9

But unfortunately it's overwritten if the workflow is scheduled with a cron (i.e. event type schedule) https://github.com/gitleaks/gitleaks-action/blob/dea2b736fc4e90483f46e5bcbf998590c5742789/src/index.js#L51-L59

I have tested privately that the JSON file read into eventJSON contains repository.html_url, so IMO that if branch is obsolete and can be removed. Unfortunately I'm unable to find documentation to back this up...
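An added example, not part of the thread and not gitleaks-action code: one way to build the commit link so that a value like the one reported above is rejected instead of being written into the summary. The function names and the fallback to the default Actions variables `GITHUB_SERVER_URL` and `GITHUB_REPOSITORY` are assumptions of this sketch, and the org/repo names are constructed.

```javascript
// Added example: hypothetical helpers, not taken from gitleaks-action.
const SHA_RE = /^[0-9a-f]{7,40}$/i;

// Prefer the event payload; fall back to the runner's default environment
// variables if the payload carries no repository.html_url.
function resolveRepoUrl(eventJSON, env) {
  const fromEvent =
    eventJSON && eventJSON.repository && eventJSON.repository.html_url;
  if (fromEvent) return fromEvent;
  if (env.GITHUB_SERVER_URL && env.GITHUB_REPOSITORY) {
    return `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}`;
  }
  throw new Error("cannot determine repository URL");
}

// Build <origin>/<owner>/<repo>/commit/<sha>, refusing any base URL whose
// path is not exactly two non-empty segments.
function commitUrl(eventJSON, env, sha) {
  const base = new URL(resolveRepoUrl(eventJSON, env));
  const parts = base.pathname.split("/").slice(1); // drop the leading ""
  const badPath =
    parts.length !== 2 || parts.some((p) => !p || p === "undefined");
  if (base.protocol !== "https:" || badPath) {
    throw new Error(`malformed repository URL: ${base.href}`);
  }
  if (!SHA_RE.test(sha)) {
    throw new Error(`malformed commit SHA: ${sha}`);
  }
  return `${base.origin}/${parts[0]}/${parts[1]}/commit/${sha}`;
}
```
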