From 7b9f0b9242c6d66624434b73b0cc6919c4d87398 Mon Sep 17 00:00:00 2001
From: user <user@rpios.local>
Date: Thu, 5 Feb 2026 12:08:17 +0100
Subject: [PATCH] ci: Download gitleaks binary, use python3 -m pip for
 flawfinder

---
 .gitea/workflows/lint.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml
index cdcc2d7..ee08d2a 100644
--- a/.gitea/workflows/lint.yml
+++ b/.gitea/workflows/lint.yml
@@ -34,11 +34,9 @@ jobs:
           git clone --depth=1 --branch=${{ github.ref_name }} \
             https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
 
-      - name: Install flawfinder
-        run: pip install --user flawfinder
-
-      - name: Run flawfinder
+      - name: Install and run flawfinder
         run: |
+          python3 -m pip install --user flawfinder
           ~/.local/bin/flawfinder --minlevel=2 --error-level=4 \
             get-started/csi_recv_router/main/
 
@@ -51,8 +49,13 @@ jobs:
           git clone --branch=${{ github.ref_name }} \
             https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
 
-      - name: Run gitleaks
-        run: gitleaks detect --source . --verbose --redact
+      - name: Install and run gitleaks
+        run: |
+          GITLEAKS_VERSION="8.18.4"
+          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" \
+            -o /tmp/gitleaks.tar.gz
+          tar -xzf /tmp/gitleaks.tar.gz -C /tmp gitleaks
+          /tmp/gitleaks detect --source . --verbose --redact
 
   shellcheck:
     name: Shell Script Analysis