From 8bd90b88238bfe65d1423d62cb8662641729810c Mon Sep 17 00:00:00 2001
From: Jose
Date: Sat, 14 Feb 2026 10:29:46 +0100
Subject: [PATCH] =?UTF-8?q?chore=20=F0=9F=93=A6:=20Comment=20out=20--exclu?= =?UTF-8?q?de-files=20option=20in=20pr-check.yaml=20workflow=20Add=20new?= =?UTF-8?q?=20rule=20to=20ignore=20placeholder=20secrets=20in=20README.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Updated the PR check workflow to comment out the `--exclude-files` option and added a new rule in README.md to ignore placeholder secrets.
---
 .gitea/workflows/pr-check.yaml | 2 +-
 .gitleaks.toml | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/pr-check.yaml b/.gitea/workflows/pr-check.yaml
index 9d37c4d..3e2e308 100644
--- a/.gitea/workflows/pr-check.yaml
+++ b/.gitea/workflows/pr-check.yaml
@@ -30,7 +30,7 @@ jobs:
 --redact=50 \
 --verbose \
 --exit-code 1
- --exclude-files "README.md"
+ # --exclude-files "README.md"
 lint_test:
 name: lint tests
diff --git a/.gitleaks.toml b/.gitleaks.toml
index a928cfb..d91c521 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -28,3 +28,13 @@ id = "sidekiq-secret"
 description = "Sidekiq Secret"
 regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
 entropy = 2.5
+
+# ==========================
+# File-specific entropy overrides
+# ==========================
+[[rules]]
+id = "generic-api-key-docs"
+description = "Ignore placeholder secrets in README.md"
+regex = "(?i)(api[_-]?key|secret|token)=\\S+"
+filepath = "README.md"
+entropy = 10.0 # very high threshold, placeholders won't trigger
\ No newline at end of file
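Review bot: Commenting out `--exclude-files "README.md"` leaves a dead line at the end of the scan step; delete it, or replace it with a comment that says where README.md handling now lives, e.g. `# README.md placeholders are handled in .gitleaks.toml`. The preceding context line `--exit-code 1` carries no trailing `\`, so the option was probably never part of the scanner's command line in the first place; the command and its enclosing step start outside this hunk, so this is inferred. Either way README.md is now scanned in full, so this change should only merge together with a suppression for the documented placeholders that has been confirmed to work in a CI run.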
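Review bot: The added `[[rules]]` entry `generic-api-key-docs` is a detection rule, not an ignore, so it does not suppress findings in README.md: with `entropy = 10.0` it effectively never reports, while every other rule in this config (and the built-in ones, if the config extends the defaults) still scans README.md now that the workflow exclusion is commented out. Suppression in gitleaks is done with an allowlist, preferably a narrow one that matches only the documented placeholder values, e.g. `[allowlist]` with `regexes = ['''<PLACEHOLDER_VALUE_REGEX>''']`, rather than a whole-file `paths` entry that would also hide a real key pasted into the README. `filepath` also looks unfamiliar as a rule key (gitleaks v8 rules use `path`, as far as I know), so confirm it against the gitleaks version the workflow runs. The rest of the file is outside the hunk, so check that no `[allowlist]` table already exists before adding one.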