gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action
https://gitleaks.io

Support running gitleaks-action on schedule #77

Closed ericcornelissen closed 2 years ago

ericcornelissen commented 2 years ago

I recently added this Action to a workflow that, besides triggering on pushes and Pull Requests, also runs on a schedule. Then I discovered this is currently not supported (see this run, for example). It seems this is failing at:

https://github.com/gitleaks/gitleaks-action/blob/8fe1d33dbcfa38223048888baa1c5e9ed5f2389d/src/index.js#L40

due to the repository property missing from the eventJSON.

If it's possible to fix the above issue, I must admit I'm not 100% sure what supporting the schedule trigger would mean for gitleaks-action. I think it could be leveraged to perform a historic scan?

If a historic scan isn't an option, I would like to suggest documenting which triggers are supported and providing a proper error message for unsupported triggers (e.g. by checking the value of GITHUB_EVENT_NAME and exiting with an error message when it's not "push", "pull_request", or "workflow_dispatch").
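The trigger check suggested above, combined with a fallback for payloads that lack `repository`, as an added example that is not part of the original issue or of gitleaks-action's code. The function name, the `scanMode` field and the sample payloads are assumptions; `GITHUB_EVENT_NAME`, `GITHUB_EVENT_PATH` and `GITHUB_REPOSITORY` are the standard GitHub Actions environment variables.

```javascript
// Added example; hypothetical helper, not gitleaks-action source.
const SUPPORTED_EVENTS = new Set(["push", "pull_request", "workflow_dispatch", "schedule"]);

// env: a process.env-like object.
// payload: the parsed JSON from the file named by GITHUB_EVENT_PATH.
function resolveScanContext(env, payload) {
  const eventName = env.GITHUB_EVENT_NAME;
  if (!SUPPORTED_EVENTS.has(eventName)) {
    // Fail early with a clear message instead of crashing on a missing property.
    throw new Error(
      `Unsupported trigger "${eventName}"; supported: ${[...SUPPORTED_EVENTS].join(", ")}`
    );
  }
  // Prefer the payload; fall back to GITHUB_REPOSITORY ("owner/name") when
  // the payload has no repository object, as reported for scheduled runs.
  let fullName = payload && payload.repository && payload.repository.full_name;
  if (!fullName) fullName = env.GITHUB_REPOSITORY;
  if (typeof fullName !== "string" || !/^[^/\s]+\/[^/\s]+$/.test(fullName)) {
    throw new Error(`Cannot determine repository for "${eventName}" event`);
  }
  const [owner, repo] = fullName.split("/");
  // Assumption: a scheduled run has no commit range to scan, so it is
  // marked for a full-history scan; other events scan the event's commits.
  const scanMode = eventName === "schedule" ? "full-history" : "event-range";
  return { eventName, owner, repo, scanMode };
}

// Constructed sample inputs (not taken from a real run).
const demoCases = [
  [{ GITHUB_EVENT_NAME: "push" }, { repository: { full_name: "octo-org/demo" } }],
  [{ GITHUB_EVENT_NAME: "schedule", GITHUB_REPOSITORY: "octo-org/demo" }, { schedule: "0 3 * * *" }],
  [{ GITHUB_EVENT_NAME: "issue_comment", GITHUB_REPOSITORY: "octo-org/demo" }, {}],
];
for (const [demoEnv, demoPayload] of demoCases) {
  try {
    console.log(resolveScanContext(demoEnv, demoPayload));
  } catch (err) {
    console.log(`error: ${err.message}`);
  }
}
```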

zricethezav commented 2 years ago

Hi @ericcornelissen,

Thanks for opening this issue. I agree that there should be an option to run on a schedule. When we were developing this new version, that was a stretch goal of ours, but it didn't make the initial v2 release. We plan on adding this feature in upcoming releases.

zricethezav commented 2 years ago

https://github.com/orgs/community/discussions/12269 helpful docs

zricethezav commented 2 years ago

@ericcornelissen we now support scheduled runs with the release of https://github.com/gitleaks/gitleaks-action/releases/tag/v2.2.0

Feel free to reopen or continue commenting on this issue if you see any gaps.