nikitamalinov / paulgrahamessays

https://paulgrahamessays.com

Fix Add GitLeaks action to this repo with stage model #5

Open ghost opened 3 months ago

ghost commented 3 months ago

Original issue: #2

What is the feature

This feature adds GitLeaks as a GitHub Action to the repository.

Why we need the feature

GitLeaks is a tool that helps in detecting and preventing secrets from being committed to the repository. By integrating GitLeaks as a GitHub Action, we can automatically scan for sensitive information in our codebase, enhancing the security of our project.

How to implement and why

  1. Create a GitHub Action Workflow File:
    • Add a new workflow file in the .github/workflows directory, e.g., gitleaks.yml.
    • This file will define the GitLeaks action to run on specific events like push and pull_request.
  2. Define the Workflow:
    • Specify the name of the workflow.
    • Set the on triggers to push and pull_request to ensure the action runs on these events.
    • Use the jobs section to define the job that will run GitLeaks.
    • Use the actions/setup-go@v2 action to set up the Go environment, as GitLeaks is a Go-based tool.
    • Use the zricethezav/gitleaks-action@v1.3.0 action to run GitLeaks.
  3. Configure GitLeaks:
    • Optionally, add a configuration file for GitLeaks if custom rules or exclusions are needed.
  4. Test the Workflow:
    • Push the changes to a branch and create a pull request to ensure the GitHub Action runs as expected.

Example gitleaks.yml:

name: GitLeaks

# Scan on every push to main and on every pull request targeting main.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          # Fetch the full history: the default shallow (depth 1) clone would
          # leave earlier commits, and any secrets in them, unscanned.
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: '1.16'

      - name: Run GitLeaks
        uses: zricethezav/gitleaks-action@v1.3.0
        with:
          # Scan the checked-out repository root.
          args: "--path=."

By following these steps, we ensure that our repository is continuously monitored for any accidental commits of sensitive information, thereby improving our security posture.

Test these changes locally

git checkout -b stage/issue-#2-6fd7106a-799c-4b4b-86a3-783d41476d68
git pull origin stage/issue-#2-6fd7106a-799c-4b4b-86a3-783d41476d68
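Step 3 above mentions an optional configuration file for custom rules or exclusions but does not show one. The file below is an added example, not part of this PR or of the gitleaks project; the file name `.gitleaks.toml`, the rule id `example-internal-token`, the token pattern and the allowlisted paths are all assumptions constructed for illustration, and the format follows the gitleaks v8 configuration schema, which is newer than the action version pinned in the workflow.

```toml
# .gitleaks.toml (assumed file name; constructed example, not from the PR)
title = "paulgrahamessays gitleaks config"

# Keep the built-in rule set (AWS keys, GitHub tokens, private keys, ...)
# and layer the custom rule and exclusions below on top of it.
[extend]
useDefault = true

# Custom rule for a project-specific credential format. The token shape
# "EXAMPLE_" followed by 32 hex characters is invented for this example.
[[rules]]
id = "example-internal-token"
description = "Internal service token (constructed pattern)"
regex = '''EXAMPLE_[0-9a-f]{32}'''
# Entropy floor on the matched group reduces false positives on placeholders.
secretGroup = 0
entropy = 3.0
tags = ["internal", "token"]

# Exclusions: keep test fixtures and documentation out of the scan so that
# deliberately fake credentials there do not fail the workflow.
[allowlist]
description = "Paths and values known to hold only fake secrets"
paths = [
  '''tests/fixtures/.*''',
  '''docs/examples/.*\.md''',
]
regexes = [
  '''EXAMPLE_0{32}''',   # the all-zero placeholder used in sample config
]
```

Before pushing the workflow (step 4), the same configuration can be checked locally with the gitleaks v8 CLI, `gitleaks detect --source . --config .gitleaks.toml`, which exits non-zero when a finding is not covered by the allowlist; the allowlist should stay as narrow as the fixtures actually require, since a broad path pattern silently exempts real secrets committed there.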
vercel[bot] commented 3 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
paulgrahamessays ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 18, 2024 8:51pm