Import gitleaks (deprecate binary), bump Go v1.17, use distroless image
What does this MR do?
- Directly import Gitleaks, instead of calling standalone binary
- Bump Go v1.17
- Use
golang:1.17.2-alpine3.14
and distroless images
P.S: I know, it is not recommended way to do more than one "thing" in a single MR but, I could not control myself.
$ docker run -v ${pwd}/path test:secrets run --target-dir "/path"
[INFO] [secrets] [2021-10-24T19:36:55Z] ▶ GitLab secrets analyzer v3.22.0
[INFO] [secrets] [2021-10-24T19:36:55Z] ▶ Detecting project
[INFO] [secrets] [2021-10-24T19:36:55Z] ▶ Found project in /path
[INFO] [secrets] [2021-10-24T19:36:55Z] ▶ Running analyzer
[INFO] [secrets] [2021-10-24T19:36:55Z] ▶ Creating report
What are the relevant issue numbers?
I could not open an issue for this, feel free to discuss further from here.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer