chore 📦: Comment out --exclude-files option in pr-check.yaml workflow Add new rule to ignore placeholder secrets in README.md
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 4s
ai-reviews / Review PR (pull_request) Successful in 19s
PR check / Gitleaks (pull_request) Failing after 5s
PR check / lint tests (pull_request) Successful in 13s
PR check / handle_failures (pull_request) Successful in 1s
PR check / handle_success (pull_request) Has been skipped

Updated the PR check workflow to comment out the `--exclude-files` option and added a new rule in README.md to ignore placeholder secrets.
2026-02-14 10:29:46 +01:00
parent 2d9aa39339
commit 8bd90b8823
2 changed files with 11 additions and 1 deletions


@@ -30,7 +30,7 @@ jobs:
--redact=50 \ --redact=50 \
--verbose \ --verbose \
--exit-code 1 --exit-code 1
--exclude-files "README.md" # --exclude-files "README.md"
lint_test: lint_test:
name: lint tests name: lint tests


@@ -28,3 +28,13 @@ id = "sidekiq-secret"
description = "Sidekiq Secret" description = "Sidekiq Secret"
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+" regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
entropy = 2.5 entropy = 2.5
# ==========================
# File-specific entropy overrides
# ==========================
[[rules]]
id = "generic-api-key-docs"
description = "Ignore placeholder secrets in README.md"
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
filepath = "README.md"
entropy = 10.0 # very high threshold, placeholders won't trigger
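Review bot: `entropy = 10.0` on the new `generic-api-key-docs` rule makes it a detector that effectively never fires, which is not the same as ignoring findings. It is a `[[rules]]` entry like `sidekiq-secret` above it, so it only adds one more rule; anything another rule reports in README.md is still reported, which is consistent with the Gitleaks PR check failing on this commit. Suppression belongs in an allowlist scoped to README.md and to the placeholder patterns, not in a rule with an unreachable threshold. Also check the `filepath` key, since gitleaks rules are scoped with `path`, and reword the "File-specific entropy overrides" heading and the description so they say what the entry does.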