commit da293e1fde83dc443c7c9ee9bf41523af8c5490a parent 439b5971be0820d3dc81ffa737924720fe71e6be Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Wed, 5 Jun 2024 00:18:50 +0200 feat(gitleaks): revert to declarative syntax The workspace is not cleared from previous archiveArtifacts and the artifact is not updated in subsequent runs. Diffstat:
| M | vars/gitleaks.groovy | | | 41 | ++++++++++++++++++++++++++++------------- |
1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/vars/gitleaks.groovy b/vars/gitleaks.groovy @@ -1,19 +1,34 @@ def call() { - node('podman') { - stage('scan') { - docker.image('ghcr.io/gitleaks/gitleaks:v8.18.3').inside('-u root --entrypoint=""') { - sh returnStatus: true, script: ''' - gitleaks detect \ - --no-color --no-banner \ - --gitleaks-ignore-path .gitleaksignore \ - --report-path gitleaks-report.json - ''' - archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true - def r = readJSON file: 'gitleaks-report.json' - if (!r.isEmpty()) { - unstable(message: "Secrets detected in ${BUILD_URL}") + pipeline { + agent { + docker { + label 'podman' + image 'ghcr.io/gitleaks/gitleaks:v8.18.3' + args '-u root --entrypoint=' + } + } + + stages { + stage('scan') { + steps { + script { + sh returnStatus: true, script: ''' + gitleaks detect \ + --no-color --no-banner \ + --report-path gitleaks-report.json + ''' + def r = readJSON file: 'gitleaks-report.json' + if (!r.isEmpty()) { + unstable(message: "Secrets detected in ${BUILD_URL}") + } + } } } } + post { + always { + archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true + } + } } }