GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Home Page:https://gitguardian.com

GitHub action incorrect behavior

GG-HH opened this issue · comments

commented

Environment

  • ggshield version: 1.17.3
  • in GitHub action

Describe the bug

GitHub action for secret scanning only scans the last commit when pushing multiple commits to a branch

Steps to reproduce:

  1. Create a repo with the GitHub action defined as stated in the documentation
  2. Create locally a branch with at least two commits, the first one containing example secrets.
  3. Push the commits

Actual result:

  1. The action is run
  2. The action scans the last commit (and displays that it has one commit to scan)
  3. The action does not fail because the last commit doesn't contain any secrets

Expected result:

  • the action should scan all the newly pushed commits
  • the action should fail because one of the commits contains secrets

An example can be found in one of my repos

Potential solution

I suspect that we use incorrect variables in the template. We should rely directly on the environment variables given here and eventually adapt our code. This should simplify the template for the GH action as well.

Other related considerations

CI commands for both SCA and IaC may be impacted by this problem and will require attention.
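The behaviour reported above (only the tip commit is scanned) is what you get when a scan is keyed off `GITHUB_SHA` alone. The following is an added example, not ggshield's own code or the project's template: it reads the push event payload that GitHub writes to the file named by `GITHUB_EVENT_PATH` and derives the full `before..after` range from it, so every pushed commit is covered. It also handles the two edge cases GitHub encodes with an all-zero SHA (branch created, branch deleted). The payload below is constructed for the demonstration, and the `ggshield secret scan commit-range <range>` invocation is assumed from ggshield's CLI rather than confirmed by this page.

```python
"""Derive the commit range a push-triggered secret scan must cover.

Added example, not ggshield's code. GitHub's push event payload carries
`before` (tip of the branch before the push), `after` (tip after the push,
equal to GITHUB_SHA) and a `commits` list of what was pushed. Scanning
GITHUB_SHA alone covers one commit; scanning `before..after` covers all.
"""
import json
import os

# GitHub fills `before` with 40 zeros when the branch was just created and
# `after` with 40 zeros when the branch was deleted.
ZERO_SHA = "0" * 40


def tip_only_targets(payload):
    """What a GITHUB_SHA-based scan looks at: the single tip commit."""
    return [payload["after"]]


def push_scan_plan(payload):
    """Return one of:
    ("range",   "<before>..<after>")  normal push, scan every new commit
    ("commits", [sha, ...])           new branch, no base to diff against
    ("skip",    None)                 branch deleted, nothing to scan
    """
    before = payload.get("before", "")
    after = payload.get("after", "")
    if not after or after == ZERO_SHA:
        return ("skip", None)
    if not before or before == ZERO_SHA:
        # New branch: fall back to the commits GitHub lists in the payload.
        # GitHub caps that list at 20 entries, so a larger initial push
        # needs a full-repository scan instead (not shown here).
        shas = [c["id"] for c in payload.get("commits", [])] or [after]
        return ("commits", shas)
    return ("range", f"{before}..{after}")


def scan_argv(plan):
    """Map a plan onto ggshield command lines (assumed CLI shape:
    `ggshield secret scan commit-range <git range>`)."""
    kind, value = plan
    if kind == "skip":
        return []
    if kind == "range":
        return [["ggshield", "secret", "scan", "commit-range", value]]
    # New branch: one range per listed commit. `<sha>~1..<sha>` selects
    # exactly that commit; a repository root commit has no parent and
    # would need separate handling.
    return [["ggshield", "secret", "scan", "commit-range", f"{sha}~1..{sha}"]
            for sha in value]


def load_event(path=None):
    """Read the event payload GitHub hands to the job."""
    with open(path or os.environ["GITHUB_EVENT_PATH"], encoding="utf-8") as fh:
        return json.load(fh)


# Constructed payload: a push of two commits, the first carrying the secret.
SAMPLE_PUSH = {
    "before": "a" * 40,
    "after": "c" * 40,
    "commits": [
        {"id": "b" * 40, "message": "add config with example secret"},
        {"id": "c" * 40, "message": "clean follow-up commit"},
    ],
}

if __name__ == "__main__":
    print("tip-only scan covers", len(tip_only_targets(SAMPLE_PUSH)), "commit")
    print("pushed commits      ", len(SAMPLE_PUSH["commits"]))
    for argv in scan_argv(push_scan_plan(SAMPLE_PUSH)):
        print(" ".join(argv))
```

Run inside a job, `load_event()` replaces `SAMPLE_PUSH`; the useful check is that the range produced contains as many commits as the payload's `commits` list, which is exactly what the tip-only scan in the report fails to do.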

commented

Fixed with #679