trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0

[bug] Relative filepaths in GHA no longer work #2248

Closed skeweredlogic closed 9 months ago

skeweredlogic commented 11 months ago


TruffleHog Version

This PR introduced the change: #2138

Trace Output

gist

Expected Behavior

When using the -x flag with an ignore file argument, the file path specified should not break when relative to the repo/local filesystem root.

Actual Behavior

Because the referenced file was copied into /tmp, but the entrypoint runs from /, trufflehog cannot find it.

Steps to Reproduce

  1. Create a .truffleignore file used with the -x flag to ignore specific paths/files.
  2. Run trufflehog similarly to how it would be done in GHA: docker run --rm -v .:/tmp ghcr.io/trufflesecurity/trufflehog:latest filesystem /tmp --fail --no-update --github-actions -x .truffleignore --trace.
  3. Observe that trufflehog cannot find the file specified.


joeleonjr commented 11 months ago

Since we can't mount to "/", I think an easy fix for this is to define a working directory in the docker command within the action.yml file.

Ex:

docker run --rm -v "$REPO_PATH":/tmp -w /tmp ....

@zricethezav @codevbus any thoughts on this idea?

zricethezav commented 10 months ago

docker run --rm -v "$REPO_PATH":/tmp -w /tmp ....

I've seen this in lots of GHAs, I'd say it's a good solution.

zricethezav commented 9 months ago

@skeweredlogic https://github.com/trufflesecurity/trufflehog/pull/2393 should fix it. Please reopen this issue if the problem persists.

skeweredlogic commented 9 months ago

Thank you! Will be able to test when #2396 is closed.
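
The working-directory behaviour discussed in this thread, as an added example that is not part of the issue or the trufflehog repository: a relative `-x` path is looked up from the process's current directory, so it is only found when the container's working directory is the mount point. The function names, the `mount`/`root` stand-in directories and the ignore-file content are constructed for illustration; the docker and trufflehog flags are the ones quoted above.

```shell
#!/bin/sh
# Added example, not trufflehog's own code. A relative -x path is resolved
# against the process working directory, not the directory being scanned.

# resolve_ignore WORKDIR PATH: print the file PATH names for a process whose
# cwd is WORKDIR; return 1 when no regular file is there.
resolve_ignore() {
    workdir=$1 path=$2
    case $path in
        /*) candidate=$path ;;               # absolute: cwd is irrelevant
        *)  candidate=${workdir%/}/$path ;;  # relative: joined to cwd
    esac
    [ -f "$candidate" ] || return 1
    printf '%s\n' "$candidate"
}

# scan_command REPO_PATH IGNORE_FILE: preflight on the host, then print the
# docker command with the container cwd set to the mount (-w /tmp), so the
# same repo-relative IGNORE_FILE resolves inside the container.
scan_command() {
    repo=$1 ignore=$2
    case $ignore in
        /*) echo "use a path relative to the repo: $ignore" >&2; return 1 ;;
    esac
    resolve_ignore "$repo" "$ignore" >/dev/null || {
        echo "ignore file '$ignore' not found under $repo" >&2
        return 1
    }
    printf 'docker run --rm -v "%s":/tmp -w /tmp %s filesystem /tmp --fail --no-update --github-actions -x %s\n' \
        "$repo" ghcr.io/trufflesecurity/trufflehog:latest "$ignore"
}

# Constructed demo: "mount" stands in for /tmp, "root" for a cwd of /.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/mount" "$base/root"
    echo 'vendor/' > "$base/mount/.truffleignore"   # constructed content
    resolve_ignore "$base/root" .truffleignore  || echo "cwd=/    : not found"
    resolve_ignore "$base/mount" .truffleignore && echo "cwd=/tmp : found"
    scan_command "$base/mount" .truffleignore
    rm -rf "$base"
}
demo
```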