-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.3.0+ scans entire history on push #29
Comments
This is totally possible, I believe you can control the number of commits you check out with actions/checkout@v2. |
For sure, I think the question still remains how to determine how many commits to check out. If the commits are known, we could also use the same approach as is used for PRs (with the commit list). But a user could push arbitrarily many commits in a single push, and I haven't yet managed to find a git- or GitHub-native way to see what they are. |
😮 yeah that looks like it should work. I'll cook up a PR. Thanks! |
I believe the scan is performed on all branches as the gitleaks action does not allow to pass the |
☝🏼 potential fix: #38 |
Hi @stone-z as you already know, we released version 2.0 which fixes this problem. Only relevant commits will be scanned. |
Following this PR, the behavior on
push
is to scan the entire history, which I think is not actually intended.In this PR, for example, two
![image](https://user-images.githubusercontent.com/10408416/122757145-95cbfb00-d297-11eb-8ab0-e9d050de2b16.png)
gitleaks
jobs run - one forpull_request
and one forpush
. The PR job is both much faster (14s vs 1m) and also passes, while the push job fails due to a very old match.I'm not sure what the perfect way forward is. I can understand the use case of wanting to scan multiple pushed commits, but for performance and to limit the effort for users I think it should still be bounded to only those commits. On a PR branch it is clear how far back to scan, but it's harder when committing directly to a branch. Maybe a better git wizard than I has an idea?
cc @niall-byrne @zricethezav
The text was updated successfully, but these errors were encountered: