From 350e65cbea149a116235e949098ebdc80da2bd09 Mon Sep 17 00:00:00 2001
From: Kevin Riehl <kevinriehl@gmail.com>
Date: Fri, 8 May 2026 17:54:31 -0700
Subject: [PATCH] fix(ci): replace flaky gitleaks-action with direct binary
 install
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

gitleaks/gitleaks-action@v2 has a license-key check that fails on some
Gitea runners. Switch to downloading and running the gitleaks binary
directly — same scan, no action wrapper, no license dependency.
---
 .gitea/workflows/ci.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 53525f5..6176b81 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -39,7 +39,12 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: gitleaks/gitleaks-action@v2
+      - name: Install and run gitleaks
+        run: |
+          GL_VERSION=8.18.4
+          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz" \
+            | tar xz -C /tmp gitleaks
+          /tmp/gitleaks detect --redact --no-banner --verbose --source .
 
   sast:
     runs-on: ubuntu-latest