fix: run gitleaks and grype on prs (#3332)

Signed-off-by: Carlos A Becker caarlos0@users.noreply.github.com

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

.github/workflows/gitleaks.yml

@@ -2,8 +2,9 @@ name: gitleaks
 
 on:
   push:
-    branches:
-      - 'main'
+    branches: ['main']
+    tags: ['v*']
+  pull_request:
 
 
 permissions:
@@ -14,6 +15,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3
+        with:
+          fetch-depth: 0
       - uses: gitleaks/gitleaks-action@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/grype.yml

@@ -2,7 +2,9 @@ name: "grype"
 
 on:
   push:
-    branches: [ main ]
+    branches: ['main']
+    tags: ['v*']
+  pull_request:
 
 jobs:
   scan-source:

.gitleaks.toml

@@ -0,0 +1,5 @@
+[[rules]]
+id = "ignore-testdata"
+[rules.allowlist]
+paths = ['''.*/testdata/*''']
+