
fix: handled permission errors on windows #40

fix: handled permission errors on windows

fix: handled permission errors on windows #40

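---
# Secret-scanning workflow: runs Gitleaks on every push and pull request,
# and when findings exist it comments on the PR, opens (or updates) a
# tracking issue, and then fails the job.
name: Notification with issues

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - "**"
  pull_request:
    branches:
      - "**"
  workflow_dispatch:

jobs:
  gitleaks:
    name: Gitleaks Scan
    runs-on: ubuntu-latest
    # Least privilege: the scan itself only reads the repository; the write
    # scopes are exactly what the comment / issue steps below need.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history so Gitleaks scans every commit, not only HEAD.
          fetch-depth: 0

      - name: Run Gitleaks
        id: gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          # gitleaks-action needs the workflow token to read commit / PR
          # metadata for the event being scanned.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # NOTE(review): gitleaks-action v2 reads its settings from env vars
          # (e.g. GITLEAKS_CONFIG) and picks up a root .gitleaks.toml on its
          # own; confirm this `with` input is honoured rather than reported as
          # an unexpected input and ignored.
          config: .gitleaks.toml
        # Do not stop the job here: the steps below branch on
        # steps.gitleaks.outcome and the last step fails the job explicitly
        # once the notifications have gone out.
        continue-on-error: true

      # -----------------------------
      # PR comment (if PR triggered)
      # -----------------------------
      - name: Comment on PR if secrets detected
        # Only on pull_request events: on a push there is no PR to comment on.
        # NOTE(review): for pull requests opened from forks GITHUB_TOKEN is
        # read-only, so this step fails; the job still ends failed, but the
        # issue step below is then skipped (its `if` implies success()).
        if: github.event_name == 'pull_request' && steps.gitleaks.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            // Markdown bodies are kept at a two-space indent on purpose:
            // four or more leading spaces would render as a code block.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `
              **Gitleaks Alert – Secrets Detected**
              @${context.actor} @${context.repo.owner}
              Gitleaks has detected secrets in this pull request.
              **Repository:** ${context.repo.owner}/${context.repo.repo}
              **PR:** #${context.issue.number}
              **Commit:** ${context.sha}
              Please remove the secret immediately and rotate any exposed credentials.
              `
            });

      - name: Create GitHub Issue for secrets
        if: steps.gitleaks.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            const title = 'Secrets detected by Gitleaks';
            // Markdown body kept at a two-space indent: four or more leading
            // spaces would render as a code block.
            const body = `
              **Gitleaks Secret Detection Alert**
              @${context.actor} @${context.repo.owner}
              Secrets were detected in the repository.
              **Repository:** ${context.repo.owner}/${context.repo.repo}
              **Branch:** ${context.ref.replace('refs/heads/', '')}
              **Commit:** ${context.sha}
              **Triggered by:** ${context.actor}
              Action required:
              - Remove the secret from the codebase
              - Rotate the exposed credentials immediately
              ---
              _This issue was automatically created by github-actions[bot]._
            `;
            // Reuse an already-open tracking issue instead of opening one per
            // run. per_page is raised from the API default (30) so the lookup
            // does not miss the existing issue once several labelled issues
            // are open; the title match below is what actually identifies it.
            const { data: issues } = await github.rest.issues.listForRepo({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open',
              labels: 'security,gitleaks',
              per_page: 100
            });
            const existingIssue = issues.find(issue => issue.title === title);
            if (!existingIssue) {
              await github.rest.issues.create({
                owner: context.repo.owner,
                repo: context.repo.repo,
                title,
                body,
                labels: ['security', 'gitleaks', 'automated']
              });
            } else {
              // Append a short note so the open issue records every new hit.
              await github.rest.issues.createComment({
                issue_number: existingIssue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: `
              New secret detected
              **Commit:** ${context.sha}
              **Triggered by:** @${context.actor}
              `
              });
            }

      - name: Fail workflow if secrets detected
        if: steps.gitleaks.outcome == 'failure'
        # The scan step is continue-on-error, so the job is failed explicitly
        # here, after the PR comment and issue have been created.
        run: exit 1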