commit 34489be4474c9a34d31e15f1ed1bc4c282ebdd6d parent 52ca32c72613679552c329e572c8c1016ffe4103 Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Tue, 4 Jun 2024 23:01:24 +0200 feat(gitleaks): use scripted syntax Diffstat:
M | vars/gitleaks.groovy | | | 46 | ++++++++++++++++------------------------------ |
1 file changed, 16 insertions(+), 30 deletions(-)
diff --git a/vars/gitleaks.groovy b/vars/gitleaks.groovy
@@ -1,37 +1,23 @@
 def call() {
- pipeline {
- agent {
- docker {
- label 'podman'
- image 'ghcr.io/gitleaks/gitleaks:v8.18.2'
- args '-u root --entrypoint='
- }
- }
-
- stages {
- stage('scan') {
- script {
- try {
- sh returnStatus: true, script: '''
- gitleaks detect \
- --verbose --no-color --no-banner \
- --report-path gitleaks-report.json \
- '''
- } catch (err) {
- def report = readJSON file: 'gitleaks-report.json'
- if (!report.isEmpty) {
- unstable(message: "Secrets detected in ${BUILD_URL}")
- } else {
- error(message: $err)
- }
+ node('podman') {
+ stage('scan') {
+ docker.image('ghcr.io/gitleaks/gitleaks:v8.18.2').inside('-u root --entrypoint=""') {
+ try {
+ sh returnStatus: true, script: '''
+ gitleaks detect \
+ --verbose --no-color --no-banner \
+ --report-path gitleaks-report.json \
+ '''
+ archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
+ } catch (err) {
+ def report = readJSON file: 'gitleaks-report.json'
+ if (!report.isEmpty) {
+ unstable(message: "Secrets detected in ${BUILD_URL}")
+ } else {
+ error(message: $err)
 }
 }
 }
 }
- post {
- always {
- archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
- }
- }
 }
 }
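Review bot: The `catch (err)` branch inside the new `docker.image(...).inside` block cannot run for a gitleaks finding, because `sh returnStatus: true` returns the exit code instead of throwing and the new code discards that value, so a scan that finds secrets still ends green. Capturing the status and branching on it, as sketched below, restores the unstable result. It also removes `error(message: $err)`, where `$err` outside a string literal is an unresolved property rather than the caught exception. Separately, `--verbose` writes each finding to the console log and the archived `gitleaks-report.json` normally carries the matched secret text, so adding `--redact` (included in the sketch) and limiting who can read the job's artifacts keeps the scan from re-exposing what it finds.

```groovy
docker.image('ghcr.io/gitleaks/gitleaks:v8.18.2').inside('-u root --entrypoint=""') {
    // Keep the exit status: with returnStatus the step never throws on a non-zero exit.
    def status = sh returnStatus: true, script: '''
        gitleaks detect \
          --verbose --no-color --no-banner --redact \
          --report-path gitleaks-report.json \
    '''
    archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
    if (status != 0) {
        def report = readJSON file: 'gitleaks-report.json'
        if (!report.isEmpty()) {
            unstable(message: "Secrets detected in ${BUILD_URL}")
        } else {
            // Non-zero exit with an empty report: treat as a scanner failure, not a clean run.
            error(message: "gitleaks exited with status ${status}")
        }
    }
    // … unchanged: closing braces of inside/stage/node …
```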