From 2857ce38231e70ae2f15268584f9bd3bf4109b1b Mon Sep 17 00:00:00 2001 From: Paul Calnon Date: Tue, 5 May 2026 23:03:48 -0500 Subject: [PATCH] ci(workflow): force gitleaks-action onto Node.js 24 + drop invalid 'fail' input MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two related fixes to the gitleaks-action invocation: 1. GitHub forces all Node.js 20 actions onto Node.js 24 on 2026-06-02. gitleaks-action v2.3.9 has no released Node.js 24 build (PR #215 upstream is in flight). Opt in now via the documented FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 env override. 2. gitleaks-action v2.3.9 has no ``fail`` input — passing it produces ``Unexpected input(s) 'fail', valid inputs are ['']`` warnings in CI. The action exits non-zero on leaks by default, which is the behavior we want, so drop the input. Drop the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 override once gitleaks- action publishes a node24-pinned release. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/ci.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 53d7876..607aac4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -380,8 +380,15 @@ jobs: uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - fail: true + # gitleaks-action v2.3.9 ships as a Node.js 20 action. + # GitHub forces Node 24 on 2026-06-02; opt in now to eliminate + # the deprecation warning and ensure continued operation past + # the cutover. Drop this once gitleaks-action publishes a + # release pinned to node24 (upstream PR #215). + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" + # gitleaks-action v2.3.9 has no `fail` input — passing it triggers + # "Unexpected input(s) 'fail'" warnings in CI. The action exits + # non-zero on leaks by default, which is the behavior we want. - name: Set up Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0