Hi, when setting up the action for PRs I noticed that with the fetch-depth: '2' recommended in the marketplace description (https://github.com/marketplace/actions/gitleaks, very bottom), the git log fails due to not having the target ref cloned, logging: fatal: ambiguous argument 'remotes/origin/main...': unknown revision or path not in the working tree. However, the action step as a whole succeeds, hiding potential issues in the PR. fetch-depth: '0' solves this problem, although with a large history the clone may still be inefficient, as the description says.
I'd expect the action as a whole to fail if it's not able to scan anything. If a similar problem appears again, it might silently fail to report problematic commits, and because it typically only scans new commits, those that slipped may not be easily discovered again.
I've set up a minimal repro; here is an example of this behavior in a PR build: https://github.com/jbrestan/gitleaks-repro/runs/2965724359?check_suite_focus=true#step:4:6