feat(ci): add gitleaks

.gitlab-ci.yml

@@ -4,6 +4,7 @@
 stages:
 
   # deployment
+  - "gitleaks"
   - "linting"
   - "deployment"
 
@@ -12,5 +13,6 @@ stages:
 include:
 
   # deployment
+  - local: ".gitlab/gitleaks.yaml"
   - local: ".gitlab/linting.yaml"
   - local: ".gitlab/deployment.yaml"

.gitlab/gitleaks.yaml

@@ -0,0 +1,18 @@
+---
+
+# gitleaks
+gitleaks:
+  stage: "gitleaks"
+  image:
+    name: "ghcr.io/gitleaks/gitleaks:latest"
+  variables:
+    GIT_DEPTH: 1
+  rules:
+
+    # run only on push to default branch
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: "never"
+
+  # start linting
+  script:
+    - "gitleaks detect --source . --verbose --redact --max-decode-depth 1"