From 523f2e6719c4da525be93a9a3edd3c80fecceb10 Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Fri, 9 May 2025 12:16:39 +0200
Subject: [PATCH] feat(ci): added gitleaks
---
 .gitlab-ci.yml | 2 ++
 .gitlab/gitleaks.yaml | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 .gitlab/gitleaks.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5d82fc7..fdb0b13 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,6 +4,7 @@ stages: # deployment + - "gitleaks" - "linting" - "deployment"
@@ -12,5 +13,6 @@ stages: include: # deployment + - local: ".gitlab/gitleaks.yaml" - local: ".gitlab/linting.yaml" - local: ".gitlab/deployment.yaml"
diff --git a/.gitlab/gitleaks.yaml b/.gitlab/gitleaks.yaml
new file mode 100644
index 0000000..27250a0
--- /dev/null
+++ b/.gitlab/gitleaks.yaml
@@ -0,0 +1,16 @@
+---
+
+# gitleaks
+gitleaks:
+ stage: "gitleaks"
+ image:
+ name: "gitleaks/gitleaks:latest"
+ rules:
+
+ # run only on push to default branch
+ - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+ - when: "never"
+
+ # start linting
+ script:
+ - "gitleaks detect --source . --verbose --redact"
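Review bot: In `.gitlab/gitleaks.yaml` the job pulls `gitleaks/gitleaks:latest`, so the scanner that gates the pipeline changes whenever that tag moves; pin it to a release tag or digest, e.g. `name: "gitleaks/gitleaks:<pinned-version>"`, which also keeps the `detect` subcommand from changing under the job (newer gitleaks releases appear to deprecate it). The `rules:` block runs the scan only on pushes to the default branch, so a secret is reported only after it has already landed there; an additional rule such as `- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'` would surface it before merge. `gitleaks detect --source .` only sees the git history present in the checkout, and GitLab typically clones shallowly, so older commits are probably not scanned unless the job sets `GIT_DEPTH: "0"` under `variables:`. The comment `# start linting` above `script:` looks copied from the linting job and should read `# run gitleaks`.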