feat: implement gitleaks

.github/workflows/gitleaks.yaml

@@ -0,0 +1,19 @@
+name: gitleaks
+on:
+ pull_request:
+ push:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 4 * * *" # run once a day at 4 AM
+jobs:
+ scan:
+ name: gitleaks
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.0
+ hooks:
+ - id: gitleaks

Makefile

@@ -0,0 +1,29 @@
+.PHONY: precommit_setup precommit_install precommit_update precommit_run precommit_staged
+# Install pre-commit tooling
+precommit_setup:
+ @echo "Setting up pre-commit..."
+ pip install pre-commit
+
+# Install the hooks
+precommit_install: precommit_setup
+ @echo "Installing pre-commit hooks..."
+ pre-commit install
+
+# Update the hooks to the latest versions
+precommit_update: precommit_setup
+ @echo "Updating pre-commit hooks..."
+ pre-commit autoupdate
+
+# Run all hooks against all the files
+precommit_run:
+ @echo "Running pre-commit hooks..."
+ pre-commit run --all-files
+
+# Run all hooks against staged files
+precommit_staged:
+ @echo "Running pre-commit hooks against staged files..."
+ pre-commit run --files $$(git diff --name-only --cached)
+
+# Your other Makefile targets
+# ...
+setup: precommit_setup precommit_update precommit_install