---
name: Gitleaks Scan

on:
  push:
  pull_request:

jobs:
  gitleaks:
    runs-on: ubuntu-latest

    steps:
      - name: Install Gitleaks
        run: |
          curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
          | tar -xz
          sudo mv gitleaks /usr/local/bin/

      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: ${{ vars.GIT_SERVER_URL }}

      - name: Run Gitleaks
        run: |
          gitleaks dir . \
            --redact=10 \
            --verbose \
            --exit-code 1
        # gitleaks detect \
        #   --source . \
        #   --no-git \
        #   --redact=20 \
        #   --verbose \
        #   --exit-code 1