ci(secret-scan): pin trufflehog v3.90.5 (latest 3.95.4 = 404 on the binary)
All checks were successful
CI / Lint (pull_request) Successful in 1m9s
CI / Build (pull_request) Successful in 2m3s
CI / Secret scan (pull_request) Successful in 2m49s
CI / PR size check (pull_request) Successful in 8s
CI / Deploy to S1 + S2 (pull_request) Has been skipped

The upstream trufflehog latest tag pointed to a release without a published binary →
install HTTP 404 → secret-scan failed on all PRs. Pin to a stable version.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
min 2026-06-02 14:32:25 +03:00
parent 201c54d179
commit 5c5ae76e5c


@ -56,8 +56,12 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Install trufflehog - name: Install trufflehog
run: | run: |
# Версия ЗАПИНЕНА: 2026-06-02 latest-тег trufflehog (3.95.4) указывал
# на релиз без выложенного бинарника → install давал HTTP 404 и валил
# secret-scan у всех PR. Пин на стабильную версию убирает зависимость
# от свежести релизов upstream.
curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \ curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
| sh -s -- -b /usr/local/bin | sh -s -- -b /usr/local/bin v3.90.5
- name: Run trufflehog - name: Run trufflehog
run: | run: |
trufflehog git "file://$(pwd)" \ trufflehog git "file://$(pwd)" \
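Review bot: the pin is only half applied in the "Install trufflehog" step. The binary version is now fixed to `v3.90.5`, but the installer is still fetched from the mutable `main` ref (`.../trufflehog/main/scripts/install.sh`) and piped straight into `sh`, so the job still executes whatever upstream has on `main` at run time. That contradicts the new comment's claim that the pin removes the dependency on upstream release freshness, and it leaves a supply-chain exposure in a job that runs on every PR. Suggest pinning the script URL to the same tag or, better, to a commit SHA, or downloading the v3.90.5 release archive directly and checking it against a checksum committed in this repo. It is also worth noting in the comment who is responsible for bumping the pinned version, since a frozen secret scanner stops receiving new detectors.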