Gitleaks breaks

[praveenkumarpk]

gitleaks-action/v2/dist/index.js:128395
const artifactClient = artifact.create();
^

TypeError: artifact.create is not a function

Gitleaks/gitleaks-action@v2
gitleaks version: 8.16.1

[mabbott-aurorasolar]

Also seeing this when my workflow calls gitleaks on github actions

on: [workflow_call]

name: Scan repo for secrets

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}

Output:

5:19PM INF 2 commits scanned.
5:19PM DBG Note: this number might be smaller than expected due to commits with no additions
5:19PM INF scan completed in 61.8ms
5:19PM INF no leaks found
/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:1[28](https://github.com/aurorasolar/zarya/actions/runs/9290350749/job/25566563759#step:3:28)395
  const artifactClient = artifact.create();
                                  ^
TypeError: artifact.create is not a function
    at Object.Scan (/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:128395:35)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async start (/home/runner/work/_actions/gitleaks/gitleaks-action/v2/dist/index.js:139588:16)
Node.js v20.8.1

[mabbott-aurorasolar]

Suspect this is related to #153 which was merged 30 minutes ago, and updated a reference to artifact.

[ShaunKav]

+1 I got this same error in my actions after the mentioned PR was merged.

[quagliato]

+1

[gustavo-depaula]

+1 pls fix 😢

[rafael-loggi]

Same here!!!
On all repositories..

[mvanderkamp-cmb]

If it helps, here's the deprecation notice that shows up on successful runs before the action started breaking an hour ago.

[mvanderkamp-cmb]

I think this is because #153 bumped the dependency without changing how its used. I'd recommend reverting.

[maxlouthain-arcadia]

+1

[matimercado]

+1, same issue in my workflows

[cerontrustly]

+1

[mvanderkamp-cmb]

Workaround:

In your workflow file, use the last working version instead of the latest v2 release by specifying gitleaks/[email protected] instead of gitleaks/gitleaks-action@v2:

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: gitleaks/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}

[codykhon]

Opened pull request that should fix this issue

#157

[zricethezav]

Huge thanks to @codykhon for the quick fix. Let me know if it's still broken