fix: use official gitleaks-action to fix 404 on version fetch (#19)

nusmql · web-flow · commit 5e198089ac30 · 2026-04-07T18:16:14.000+03:00
* fix: use official gitleaks-action to avoid GitHub API 404 on version fetch

The manual curl to GitHub API for latest gitleaks release was failing
with 404 due to rate limiting on unauthenticated requests.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -52,12 +52,14 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "1.25"
+          cache: false
+
       - name: Install gitleaks
-        run: |
-          GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep tag_name | cut -d '"' -f4)
-          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION#v}_linux_x64.tar.gz" -o gitleaks.tar.gz
-          tar xzf gitleaks.tar.gz gitleaks
-          sudo mv gitleaks /usr/local/bin/
+        run: go install github.com/zricethezav/gitleaks/v8@v8.30.1
 
       - name: Run gitleaks
         run: gitleaks detect --source . --verbose
