From 18992c63e197a88e622a23ff90eb1a9b4524a24e Mon Sep 17 00:00:00 2001
From: user <user@rpios.local>
Date: Sun, 22 Feb 2026 08:24:47 +0100
Subject: [PATCH] fix: resolve gitleaks version dynamically from GitHub API

The /releases/latest/download/ URL doesn't expand version in
the filename. Query the redirect to resolve actual version first.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 43b6a0d..aee9157 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -53,7 +53,8 @@ jobs:
       - name: Install gitleaks
         run: |
           ARCH=$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/')
-          curl -sSL "https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_8.22.1_linux_${ARCH}.tar.gz" \
+          VER=$(curl -sI https://github.com/gitleaks/gitleaks/releases/latest | grep -i location | grep -oE 'v[0-9.]+' | tr -d v)
+          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${VER}/gitleaks_${VER}_linux_${ARCH}.tar.gz" \
             | tar xz -C /usr/local/bin/ gitleaks
       - name: Scan for secrets
         run: gitleaks detect --source . -v