From f914ca5c7ed19124a4d52dc768234fd7a38da190 Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Fri, 10 Oct 2025 22:08:15 +0200
Subject: [PATCH] feat: added gitleaks stage

---
 .gitlab/gitleaks.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .gitlab/gitleaks.yaml

diff --git a/.gitlab/gitleaks.yaml b/.gitlab/gitleaks.yaml
new file mode 100644
index 0000000..b369d97
--- /dev/null
+++ b/.gitlab/gitleaks.yaml
@@ -0,0 +1,18 @@
+---
+
+# gitleaks
+gitleaks:
+  stage: "gitleaks"
+  image:
+    name: "ghcr.io/gitleaks/gitleaks:latest"
+  variables:
+    GIT_DEPTH: 1
+  rules:
+
+    # run only on push to default branch
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: "never"
+
+  # start linting
+  script:
+    - "gitleaks detect --source . --verbose --redact"