This repository has been archived by the owner on Jan 31, 2021. It is now read-only.

fails when building tag #3

Closed
davidkarlsen opened this issue Jan 21, 2020 · 5 comments · Fixed by #4

Comments

@davidkarlsen

https://github.com/evryfs/elasticsearch-docker/runs/401570560

Run eshork/gitleaks-action@v1.0.0 1s
##[error]Docker run failed with exit code 2
Run eshork/gitleaks-action@v1.0.0
/usr/bin/docker run --name dfbeda250217d8043cdbd1374b7e7bbb0aa_a280fc --label 488dfb --workdir /github/workspace --rm -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/elasticsearch-docker/elasticsearch-docker":"/github/workspace" 488dfb:eda250217d8043cdbd1374b7e7bbb0aa
ERRO[2020-01-21T19:36:20Z] could not find branch refs/tags/7.5.2        
##[error]Docker run failed with exit code 2
@fmigneault
Contributor

Also getting the same error in case of branches during a pull request.

https://github.com/Ouranosinc/Magpie/pull/254/checks?check_run_id=417660466

Run eshork/gitleaks-action@v1.0.0
/usr/bin/docker run --name dfbd2aa9bcaea9c4b8c996a192f431b1028_78fa17 --label 488dfb --workdir /github/workspace --rm -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/Magpie/Magpie":"/github/workspace" 488dfb:d2aa9bcaea9c4b8c996a192f431b1028
ERRO[2020-01-30T17:11:31Z] could not find branch refs/heads/coverage    
##[error]Docker run failed with exit code 2

@fmigneault
Contributor

@eshork Instead of using GITHUB_REF in the entrypoint script, maybe use GITHUB_SHA?
Should handle both PR/branch/tag use cases.

@davidkarlsen
Author

I also noticed it happens for branches. Could it be because the action does not lock down the gitleaks version?

@fmigneault
Contributor

fmigneault commented Jan 30, 2020

I have the impression it is because GITHUB_REF is resolved to refs/heads/<branch> or refs/tags/<tag> depending on the case, but the gitleaks cli called within the entrypoint script seems to expect only the <branch> or <tag> value without the prefix.

I have tried running the docker like the action does (same mounted volumes and options) but using master in place of GITHUB_REF, which results in:

INFO[2020-01-30T19:15:02Z] No leaks detected. 1933 commits audited in 54 seconds 329 milliseconds 13 microseconds 

When I define GITHUB_REF as refs/heads/master, the analysis completes with the error we experienced:

ERRO[2020-01-30T19:15:55Z] could not find branch refs/heads/master

I don't see any option in GitHub Actions that only provides the branch/tag name, which is why I believe GITHUB_SHA could be used instead.

Edit
I have tried with GITHUB_SHA, sadly it doesn't seem to work:
https://github.com/crim-ca/weaver/pull/71/checks?check_run_id=417989824

I guess the entrypoint script will simply need to strip the prefix to handle both branch/tag cases.
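
One way the prefix stripping proposed in the last comment could look, as an added example that is not the action's actual entrypoint script. The function name `ref_short_name` is hypothetical, and the `refs/pull/<n>/merge` case (resolved through GITHUB_HEAD_REF) goes beyond the branch and tag cases discussed in the thread.

```sh
#!/bin/sh
# Added example, not the action's own code: turn the full ref that GitHub
# Actions exports in GITHUB_REF into the short "<branch>" or "<tag>" name
# that the thread says the gitleaks CLI expects.

# ref_short_name REF [HEAD_REF]
# Prints the short name and returns 0. Returns 1 for anything it does not
# recognise, so the caller can fail the job instead of scanning nothing.
ref_short_name() {
    ref=$1
    head_ref=${2:-}
    case $ref in
        # Strip only the fixed prefix. Cutting at the last "/" instead
        # (e.g. ${ref##*/}) would turn "feature/x" into "x".
        refs/heads/?*) printf '%s\n' "${ref#refs/heads/}" ;;
        refs/tags/?*)  printf '%s\n' "${ref#refs/tags/}" ;;
        refs/pull/*/merge)
            # pull_request runs export a synthetic merge ref; the source
            # branch name is carried in GITHUB_HEAD_REF.
            [ -n "$head_ref" ] || return 1
            printf '%s\n' "$head_ref" ;;
        *) return 1 ;;
    esac
}

# Constructed sample refs; the first two are the ones in the error logs above.
for r in refs/tags/7.5.2 refs/heads/coverage refs/heads/feature/x \
         refs/pull/254/merge master; do
    printf '%-22s -> %s\n' "$r" \
        "$(ref_short_name "$r" coverage || echo '<unsupported>')"
done
```

In an entrypoint, a non-zero return from the function should stop the run with an error, so that an unrecognised ref is reported rather than passing as a clean scan.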
