New release for `node20` update

gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action

https://gitleaks.io

Other

319 stars 122 forks source link

New release for `node20` update #137

Closed enric0r-s closed 7 months ago

enric0r-s commented 7 months ago

Should a new release of the action be created to have people use the update with node20 instead of using gitleaks/gitleaks-action@master?

cc: @zricethezav

mouchh commented 7 months ago

I was right now wondering how should I properly remediate this GH warning

V3 is not available

Unable to resolve action `gitleaks/gitleaks-action@v3`, unable to find version `v3`

enric0r-s commented 7 months ago

@mouchh Either you use the reference to the master uses: gitleaks/gitleaks-action@master inside your workflow or we wait for a new release to be rolled out

zricethezav commented 7 months ago

I’ll cut a new release once I get to my computer

zricethezav commented 7 months ago

@enric0r-s @mouchh should be good now

mouchh commented 7 months ago

Thanks @zricethezav !

Giving it a try; proper Node20 env update indeed but seems like https://github.com/gitleaks/gitleaks-action/issues/100 is striking again!

Warnings from the GH Runner with gitleaks/gitleaks-action@v2.3.3 - which is current v2

The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files.

Whereas warnings from the GH Runner with gitleaks/gitleaks-action@v2.3.2 were:

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20

ericcornelissen commented 7 months ago

Same here.

Given the diff v2.3.2...v2.3.3 my guess is that dist/index.js was rebuild with an older version of @actions/core (since @actions/core hasn't changed in the VCS, and node20 shouldn't have an effect on this).

Indeed, rebuilding after a clean clone results in the following (partial) diff in dist/index.js:

  function setOutput(name, value) {
+     const filePath = process.env['GITHUB_OUTPUT'] || '';
+     if (filePath) {
+         return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value));
+     }
      process.stdout.write(os.EOL);
-     command_1.issueCommand('set-output', { name }, value);
+     command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value));
  }

mouchh commented 6 months ago

Hi @zricethezav - shall we open a new and dedicated issue for this one?
Hope you can still feel the poke now the issue is closed 🤞

ericcornelissen commented 6 months ago

@zricethezav the latest release (https://github.com/gitleaks/gitleaks-action/releases/tag/v2.3.4) did not address the above issue (see run preview below, or here). The diff for e6dab246340401bf53eec993b8f05aebe80ac636 also shows this as it does not include the changes from my previous comment.