remove dynamic git fetch (#22)

gitleaks · Apr 24, 2022 · b712ac6 · b712ac6
1 parent e470773
commit b712ac6
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 15 deletions.
diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml
@@ -6,7 +6,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: gitleaks/gitleaks-action@main # Runs the gitleaks-action from current main on github
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@use-fetch-depth-0 # Runs the gitleaks-action from current main on github
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}

diff --git a/entrypoint.js b/entrypoint.js
@@ -172,18 +172,6 @@ function runGitleaks(commitA, commitB) {
     return 0;
 }
 
-function gitFetch(depth, ref) {
-    // shell out a git fetch command using the following command: "git fetch --depth=<depth> --prune"
-    try {
-        execSync(`git fetch origin --depth=${depth} ${ref}`, { encoding: 'utf8', stdio: 'inherit' });
-    }
-    catch (error) {
-        console.log("git fetch error: ", error);
-        return 1;
-    }
-    return 0;
-}
-
 // getLogOpts attempts to run `git log` to ensure gitleaks will scan _something_ rather than fail on an invalid commit range.
 // Invalid commit ranges should not happen often but if they do, we can just scan a single commit to maintain some gitleaks coverage for every event.
 // After confirming that git log works, we can return the log options to be used in the gitleaks command.
@@ -216,7 +204,6 @@ async function scanPullRequest() {
     const headRef = commits.data[0].sha;
     const baseRef = commits.data[commits.data.length - 1].sha;
 
-    gitFetch(parseInt(eventJSON.pull_request.commits) + 1, eventJSON.pull_request.head.ref);
     const exit_code = runGitleaks(headRef, baseRef);
 
     if (exit_code == 2) {
@@ -294,7 +281,6 @@ async function start() {
 
     let exit_code = 0;
     if (eventType === 'push') {
-        gitFetch(parseInt(eventJSON.commits.length) + 1, eventJSON.ref);
         exit_code = runGitleaks(eventJSON.before, eventJSON.after);
     } else if (eventType === 'pull_request') {
         exit_code = await scanPullRequest();