Allow CLI version pinning in GHA (#2397) (#2398)

* Allow CLI version pinning in GHA (#2397) * prevent segfault in test-community
2024-11-10 07:04:24 +00:00 · 2024-02-07 17:58:04 -05:00 · 2024-02-07 17:58:04 -05:00 · 7296bcdc5d
commit 7296bcdc5d
parent 02fe9e189b
2 changed files with 11 additions and 2 deletions
--- a/action.yml
+++ b/action.yml
@ -18,6 +18,10 @@ inputs:
    default: ''
    description: Extra args to be passed to the trufflehog cli.
    required: false
+  version:
+    default: 'latest'
+    description: Scan with this trufflehog cli version.
+    required: false
 branding:
  icon: "shield"
  color: "green"
@ -32,6 +36,7 @@ runs:
      HEAD: ${{ inputs.head }}
      ARGS: ${{ inputs.extra_args }}
      COMMITS: ${{ toJson(github.event.commits) }}
+      VERSION: ${{ inputs.version }}
    run: |
      ##########################################
      ## ADVANCED USAGE                       ##
@ -81,7 +86,7 @@ runs:
      ##          Run TruffleHog              ##
      ##########################################
      docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
-      ghcr.io/trufflesecurity/trufflehog:latest \
+      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
      git file:///tmp/ \
      --since-commit \
      ${BASE:-''} \
--- a/pkg/engine/engine_test.go
+++ b/pkg/engine/engine_test.go
@ -228,6 +228,10 @@ func TestEngine_VersionedDetectorsVerifiedSecrets(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
 	defer cancel()
 	testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4")
+	if err != nil {
+		t.Log("Failed to get secrets, likely running community-tests")
+		return
+	}
 	assert.NoError(t, err)
 	secretV2 := testSecrets.MustGetField("GITLABV2")
 	secretV1 := testSecrets.MustGetField("GITLAB")