
ci: fix TruffleHog on K8s runners — use native binary instead of Docker action #69

Merged
BrewingCoder merged 2 commits into main from issue-67-k8s-runners
Mar 23, 2026

Conversation

@BrewingCoder (Owner)

Summary

  • trufflesecurity/trufflehog@main action uses docker run internally — fails on K8s ephemeral runner pods (no Docker socket)
  • Switch to installing the TruffleHog binary natively via the official install script
  • Scan scope logic preserved: PR scans since base SHA, push scans since before SHA, schedule scans full repo

Test plan

  • Security workflow passes on this PR (Secret Scanning job completes without Docker error)
  • Re-run on main after merge to confirm green

🤖 Generated with Claude Code

BrewingCoder and others added 2 commits March 22, 2026 20:31
The trufflesecurity/trufflehog@main action uses `docker run` internally
which fails on K8s ephemeral runners (no Docker socket available).

Switch to installing the TruffleHog binary directly via the official
install script and running it natively. Preserves --only-verified and
--fail flags, handles push/PR/schedule scan scoping manually.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

K8s runner doesn't have write access to /usr/local/bin. Install to
$HOME/.local/bin and add to GITHUB_PATH instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
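An added example (not the PR's own workflow) of the two things the summary and commit messages describe: installing the TruffleHog binary into a user-writable directory and choosing the scan scope from the GitHub event, with the new-branch push case (all-zero `before` SHA) falling back to a full scan. The `install.sh` URL and its trailing tag argument are assumed from TruffleHog's README, and `--since-commit` is the `trufflehog git` flag used for the boundary commit.

```shell
#!/bin/sh
# Added example, not the PR's workflow. Installs TruffleHog without root
# (runner pods cannot write /usr/local/bin) and scopes the scan per event.
set -eu

ZERO_SHA=0000000000000000000000000000000000000000

# Install to $HOME/.local/bin and expose it via GITHUB_PATH, as the second
# commit does. Pinning a release tag (assumed to be install.sh's last
# argument) keeps the CI dependency reproducible instead of tracking main.
install_trufflehog() {
  bindir="$HOME/.local/bin"
  mkdir -p "$bindir"
  curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
    | sh -s -- -b "$bindir" ${TRUFFLEHOG_VERSION:+"$TRUFFLEHOG_VERSION"}
  echo "$bindir" >> "${GITHUB_PATH:-/dev/null}"
}

# scan_args EVENT [BASE_SHA] [BEFORE_SHA]: print the scope flag for
# `trufflehog git`. Empty output means a full-repository scan.
scan_args() {
  event="$1"; base="${2:-}"; before="${3:-}"
  case "$event" in
    pull_request)
      # PR: only commits not already on the base branch.
      printf -- '--since-commit=%s' "$base" ;;
    push)
      # A newly created branch arrives with an all-zero "before" SHA, so
      # there is no previous tip to diff from: scan everything instead.
      if [ -n "$before" ] && [ "$before" != "$ZERO_SHA" ]; then
        printf -- '--since-commit=%s' "$before"
      fi ;;
    *)
      # schedule (and any other trigger): full repository.
      ;;
  esac
}

# run_scan EVENT [BASE_SHA] [BEFORE_SHA]. Needs a full clone
# (actions/checkout fetch-depth: 0) or --since-commit cannot find the
# boundary commit; --fail makes the step red when verified secrets are found.
run_scan() {
  scope=$(scan_args "$@")
  # shellcheck disable=SC2086  # $scope is one flag or empty, never a path
  trufflehog git "file://$PWD" $scope --only-verified --fail
}

# In the workflow step:
#   install_trufflehog
#   run_scan "$GITHUB_EVENT_NAME" "${PR_BASE_SHA:-}" "${PUSH_BEFORE_SHA:-}"
```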
@BrewingCoder BrewingCoder merged commit 1459821 into main Mar 23, 2026
7 of 8 checks passed
