docs 📝: Comment out allowlist rule for badge URLs in README #16

Closed
Jose wants to merge 0 commits from dev into main
Owner

Updated the README to comment out the allowlist rule for badge URLs, as it is no longer necessary.

Jose added 10 commits 2026-02-14 10:03:37 +01:00
feat : Add PR check workflow for Gitleaks and lint tests
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 5s
aad77acf42
This commit introduces a new pull request (PR) check workflow that includes Gitleaks for security scanning and lint tests to ensure code quality.
refactor ♻️: Refactor PR check workflow by consolidating steps and removing redundant code
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 7s
945717ffbb
This refactoring consolidates the steps in the PR check workflow, reducing redundancy and improving efficiency.
fix 🐛: Fix typo in PR check workflow comments
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 5s
1733801fe5
Corrected a minor spelling error in the comments of the pull request check workflow to improve readability and clarity.
fix 🐛: Fix typo in PR check comment body
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 5s
ai-reviews / Review PR (pull_request) Successful in 19s
PR check / Gitleaks (pull_request) Failing after 5s
PR check / lint tests (pull_request) Successful in 14s
PR check / handle_failures (pull_request) Has been skipped
PR check / handle_success (pull_request) Has been skipped
a0138b1bea
Corrected a minor spelling error in the comment body of the pull request check to improve readability and accuracy.
refactor ♻️: Refactor condition for handle_failures to run regardless of previous job results
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Gitleaks Scan / gitleaks (push) Successful in 6s
ai-reviews / Review PR (pull_request) Successful in 19s
Markdown Lint / markdown-lint (push) Successful in 5s
PR check / Gitleaks (pull_request) Failing after 5s
PR check / lint tests (pull_request) Failing after 9s
PR check / handle_failures (pull_request) Successful in 2s
PR check / handle_success (pull_request) Has been skipped
dfda760d2c
This refactoring ensures that the `handle_failures` function is executed irrespective of the outcomes of previous jobs, improving the robustness and reliability of the system.
docs 📝: Update README title and compatibility matrix format
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 6s
eb5eaf7887
Updated the README title to be more descriptive and restructured the compatibility matrix for better readability.
fix 🐛: Fix PR check job condition
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 5s
ai-reviews / Review PR (pull_request) Successful in 21s
PR check / Gitleaks (pull_request) Failing after 6s
PR check / lint tests (pull_request) Successful in 13s
PR check / handle_failures (pull_request) Successful in 1s
PR check / handle_success (pull_request) Has been skipped
fc3b5e8507
This commit addresses an issue where the PR check job was not running as expected. The condition for triggering the job has been corrected to ensure it runs properly under all circumstances.
docs 📝: Update README.md section title and minor formatting
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 10s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 5s
ai-reviews / Review PR (pull_request) Successful in 28s
PR check / Gitleaks (pull_request) Failing after 4s
PR check / lint tests (pull_request) Successful in 13s
PR check / handle_failures (pull_request) Successful in 1s
PR check / handle_success (pull_request) Has been skipped
e21f9bd002
Corrected the title of a section in the README.md file and made some minor formatting adjustments for better readability.
chore 📦: Update Gitleaks configuration and README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Gitleaks Scan / gitleaks (push) Failing after 5s
Markdown Lint / markdown-lint (push) Successful in 5s
c9a6f0e092
Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.
docs 📝: Comment out allowlist rule for badge URLs in README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 5s
ai-reviews / Review PR (pull_request) Successful in 30s
PR check / Gitleaks (pull_request) Failing after 4s
PR check / lint tests (pull_request) Successful in 15s
PR check / handle_failures (pull_request) Successful in 2s
PR check / handle_success (pull_request) Has been skipped
dbd70e61ce
Updated the README to comment out the allowlist rule for badge URLs, as it is no longer necessary.
gitea-actions bot reviewed 2026-02-14 10:04:07 +01:00
gitea-actions bot left a comment

Review Summary

  • .gitea/workflows/pr-check-yaml: This Git diff indicates the deletion of a workflow file called pr-check-yaml. The deleted workflow appears to be a series of jobs and steps for performing checks such as linting, leak testing, and handling success or failure scenarios. As the file has been removed, it is not possible to perform a detailed review according to the provided guidelines. However, some potential issues that may have existed in the original workflow are:
      1. Security (Score: 4): The gitleaks command used for leak testing was run without any specific configuration or sensitive data filtering, which could potentially expose secret keys, credentials, or other sensitive information found within the codebase.
      2. Performance (Score: 3): The use of gitleaks might have a performance impact on the workflow due to its thorough scanning of the repository for secrets.
      3. Maintainability (Score: 3): Hardcoding the GitHub API endpoint, GIT_SERVER_URL, and GITEA_TOKEN as secrets in the workflow file makes it less flexible and harder to manage when changes are required. It's generally a good practice to use environment variables or secure secrets stored in a centralized location for such configurations.
    Without the actual contents of the file, I cannot provide specific line comments or LGTM status. However, I strongly recommend reviewing the reasons mentioned above and ensuring that proper configuration and security measures are implemented if similar workflows are being used.
  • .gitea/workflows/pr-check.yaml: This Git diff represents a new workflow file for GitHub (.gitea/workflows/pr-check.yaml) that performs various checks on pull requests, including leak tests and linting. The code looks good with no issues scoring >= 2, so here's the summary: LGTM This workflow will help ensure that pull requests are thoroughly checked for potential security leaks, coding style issues, and syntax errors before they are merged into the main branch. This promotes a higher standard of code quality and reduces the risk of introducing vulnerabilities or code inconsistencies in the project.
  • .gitleaks.toml: Summary: This git diff introduces a Gitleaks configuration file to manage secrets and false positives in the project. diff File: b/.gitleaks.toml Context: Line 1: + title = "Gitleaks Config" Line 2: + Line 3: +# ========================== Line 4: +# Allowlist / False Positive Rules Line 5: +# ========================== Line 6: +# [[allowlist]] Line 7: +# description = "Ignore placeholder secrets in README.md" Line 8: +# filepath = "README.md" Line 9: +# # Add all placeholder-like patterns that trigger false positives Line 10: +# regex = "cafebabe|deadbeef|DB_PASSWORD" Line 11: + Line 12: +# [[allowlist]] Line 13: +# description = "Ignore badge URLs in README" Line 14: +# filepath = "README.md" Line 15: +# regex = "https://img.shields.io" Line 16: + Line 17: +# ========================== Line 18: +# Rules Line 19: +# ========================== Line 20: +[[rules]] Line 21: +id = "generic-api-key" Line 22: +description = "Generic API Key" Line 23: +regex = "(?i)(api[_-]?key|secret|token)=\\S+" Line 24: +entropy = 3.5 Line 25: + Line 26: +[[rules]] Line 27: +id = "sidekiq-secret" Line 28: +description = "Sidekiq Secret" Line 29: +regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+" Line 30: +entropy = 2.5 LGTM
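Review bot: In the `generic-api-key` rule of `.gitleaks.toml`, the only capture group in `(?i)(api[_-]?key|secret|token)=\\S+` wraps the keyword rather than the value, and the pattern requires `=` immediately followed by non-space text, so assignments written as `token = "..."` or `api_key: ...` are not matched, while any `secret=placeholder` string in documentation is a candidate finding. Consider capturing the value in its own group, allowing optional whitespace and `:` as a separator, and confirming that `entropy = 3.5` is evaluated against the value and not the keyword. Both `[[allowlist]]` blocks are commented out and use the keys `filepath` and `regex`; before re-enabling either one, check those key names against the allowlist schema of the Gitleaks version the workflow runs (Gitleaks v8 documents `paths` and `regexes`), and escape the dots in `https://img.shields.io` so the pattern matches only that host.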
  • README.md: Brief Summary: The changes made to the README.md file focus on improving readability and maintaining consistency, but there's a small potential for confusion due to the renaming of "Key Features" section. No critical or major issues were found. LGTM

CI checks failed.

Leak: failure
Lint: success

gitea-actions bot closed this pull request 2026-02-14 10:04:31 +01:00

Pull request closed
