gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action
https://gitleaks.io
Other
330 stars 129 forks source link

Gitleaks breaks #154

Closed praveenkumarpk closed 5 months ago

praveenkumarpk commented 5 months ago

gitleaks-action/v2/dist/index.js:128395 const artifactClient = artifact.create(); ^

TypeError: artifact.create is not a function

Gitleaks/gitleaks-action@v2 gitleaks version: 8.16.1

mabbott-aurorasolar commented 5 months ago

Also seeing this when my workflow calls gitleaks on github actions

on: [workflow_call]

name: Scan repo for secrets

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}

Output:

5:19PM INF 2 commits scanned.
5:19PM DBG Note: this number might be smaller than expected due to commits with no additions
5:19PM INF scan completed in 61.8ms
5:19PM INF no leaks found
/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:1[28](https://github.com/aurorasolar/zarya/actions/runs/9290350749/job/25566563759#step:3:28)395
  const artifactClient = artifact.create();
                                  ^
TypeError: artifact.create is not a function
    at Object.Scan (/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:128395:35)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async start (/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:139588:16)
Node.js v20.8.1
mabbott-aurorasolar commented 5 months ago

Suspect this is related to https://github.com/gitleaks/gitleaks-action/pull/153 which was merged 30 minutes ago, and updated a reference to artifact.

ShaunKav commented 5 months ago

+1 I got this same error in my actions after the mentioned PR was merged.

quagliato commented 5 months ago

+1

gustavo-depaula commented 5 months ago

+1 pls fix 😢

rafael-loggi commented 5 months ago

Same here!!! On all repositories..

mvanderkamp-cmb commented 5 months ago

If it helps, here's the deprecation notice that shows up on successful runs before the action started breaking an hour ago.

Screenshot 2024-05-29 at 11 16 05
mvanderkamp-cmb commented 5 months ago

I think this is because #153 bumped the dependency without changing how its used. I'd recommend reverting.

maxlouthain-arcadia commented 5 months ago

+1

matimercado commented 5 months ago

+1, same issue in my workflows

cerontrustly commented 5 months ago

+1

mvanderkamp-cmb commented 5 months ago

Workaround:

In your workflow file, use the last working version instead of the latest v2 release by specifying gitleaks/gitleaks-action@v2.3.4 instead of gitleaks/gitleaks-action@v2:

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2.3.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
codykhon commented 5 months ago

Opened pull request that should fix this issue

https://github.com/gitleaks/gitleaks-action/pull/157

zricethezav commented 5 months ago

Huge thanks to @codykhon for the quick fix. Let me know if it's still broken