Description
Hi,
I'm currently trying to get trufflehog to run on a PR branch (in the example below, my-branch) and compare it to the branch it's being merged into (in the example below, develop). When I test this locally with the command below, it works as expected:
trufflehog git --filter-unverified --exclude-paths=trufflehog-excludes-file --since-commit=develop --branch=my-branch https://github.com/org/repo
When I run the GitHub Action, we've followed this configuration with some small tweaks, as shown below:
- name: TruffleHog Scan
  uses: trufflesecurity/trufflehog@b9dd330365132cd2d01dd5dc8a857a056a2544e1 # v3
  with:
    extra_args: --filter-unverified --exclude-paths=trufflehog-excludes-file
    head: 'my-branch'
    base: 'develop'
The response I keep getting back from this action is below:
error trufflehog encountered errors during scan {"job": 1, "source_name": "trufflehog - git", "errors": ["error chunking dir \"/tmp/\": unable to resolve ref: no base refs succeeded for base: \"develop\""]}
When I omit the base argument trufflehog runs but it is checking the entire history which I don't want to do. The error message makes it seem like it can't find the develop branch but I've tried checking out the code in various different ways (removing fetch depth, branch in the checkout, etc) and I keep getting that error message. My goal is to check my branch against the base to make sure no secrets have been committed so if anyone has suggestions on how to fix this it'd be greatly appreciated. Thanks!