gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action
https://gitleaks.io

Action passes even if git log fails #31

Closed jbrestan closed 2 years ago

jbrestan commented 3 years ago

Hi, when setting up the action for PRs I noticed that with the fetch-depth: '2' recommended in the marketplace description (https://github.com/marketplace/actions/gitleaks very bottom), the git log fails due to not having the target ref cloned, logging: fatal: ambiguous argument 'remotes/origin/main...': unknown revision or path not in the working tree., but the action step as a whole succeeds, hiding potential issues in the PR. fetch-depth: '0' solves this problem although with a large history the clone may still be inefficient as the description says.

I'd expect the action as a whole to fail if it's not able to scan anything. If a similar problem appears again, it might silently fail to report problematic commits, and because it typically only scans new commits, those that slipped may not be easily discovered again.

I've set up a minimal repro, here is an example of this behavior in a PR build https://github.com/jbrestan/gitleaks-repro/runs/2965724359?check_suite_focus=true#step:4:6
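The fail-closed behaviour the report asks for can be checked before a scanner ever runs: resolve the commit range first, and turn an unresolvable range (such as a base ref missing from a shallow clone) into a non-zero exit so the CI step fails instead of passing with nothing scanned. The script below is an added example, not code from gitleaks-action or from the thread; it assumes a POSIX shell with git on PATH, and the repository it builds (a `main` branch, a `feature` branch with one extra commit, and deliberately no `origin` remote) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the gitleaks-action project or this issue thread):
# a fail-closed pre-check for the commit range a scanner is about to walk.
# Assumes a POSIX shell and git on PATH; the demo repository is constructed.

# range_is_scannable REPO_DIR RANGE
# Returns 0 when `git log RANGE` resolves inside REPO_DIR, non-zero otherwise
# (for example when the base ref is absent from a shallow clone).
range_is_scannable() {
  git -C "$1" log --oneline "$2" >/dev/null 2>&1
}

# gated_scan REPO_DIR RANGE
# Refuses to report success when the range cannot be resolved: returns 2 so a
# CI step built on it fails rather than silently scanning nothing. When the
# range resolves it prints the number of commits in it and returns 0.
gated_scan() {
  repo=$1
  range=$2
  if ! range_is_scannable "$repo" "$range"; then
    echo "refusing to pass: cannot resolve '$range' in $repo (shallow clone?)" >&2
    return 2
  fi
  git -C "$repo" rev-list --count "$range"
}

# make_demo_repo DIR
# Constructs a throwaway repository: 'main' with one commit and 'feature' with
# one commit on top. No remote is configured, so 'remotes/origin/main' is
# deliberately absent, mirroring the missing target ref in the report above.
make_demo_repo() {
  dir=$1
  git init -q "$dir"
  git -C "$dir" symbolic-ref HEAD refs/heads/main
  git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q --allow-empty -m "initial"
  git -C "$dir" checkout -q -b feature
  git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q --allow-empty -m "feature work"
}

# Demo when run with DEMO=1: the present ref succeeds, the absent one fails closed.
if [ "${DEMO:-}" = "1" ]; then
  tmp=$(mktemp -d)
  make_demo_repo "$tmp"
  gated_scan "$tmp" "main...feature" && echo "ok: range scanned"
  gated_scan "$tmp" "remotes/origin/main...feature" || echo "exit $?: step would fail"
  rm -rf "$tmp"
fi
```

Run it with `DEMO=1 sh gate.sh` to see both outcomes; in a workflow the same `gated_scan` call placed before the scanner step makes a shallow checkout visible as a red build rather than a green one.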

zricethezav commented 2 years ago

Use fetch-depth: 0 until dynamic fetching is introduced in an upcoming v2.x.x release