Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore 📦: Reduce redaction level in Gitleaks check #20

Closed
Jose wants to merge 0 commits from dev into main
pull from: dev
merge into: Jose:main
Conversation 2 Commits - Files Changed - +202 -169
Jose commented 2026-02-14 10:21:39 +01:00
Owner
Copy Link

Lowered the redaction level in the Gitleaks configuration to improve log readability while maintaining security.

Lowered the redaction level in the Gitleaks configuration to improve log readability while maintaining security.
Jose added 14 commits 2026-02-14 10:21:39 +01:00
feat : Add PR check workflow for Gitleaks and lint tests
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
aad77acf42 
This commit introduces a new pull request (PR) check workflow that includes Gitleaks for security scanning and lint tests to ensure code quality.
refactor ♻️: Refactor PR check workflow by consolidating steps and removing redundant code
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 7s
Details
945717ffbb 
This refactoring consolidates the steps in the PR check workflow, reducing redundancy and improving efficiency.
fix 🐛: Fix typo in PR check workflow comments
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
1733801fe5 
Corrected a minor spelling error in the comments of the pull request check workflow to improve readability and clarity.
fix 🐛: Fix typo in PR check comment body
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 19s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Successful in 14s
Details
PR check / handle_failures (pull_request) Has been skipped
Details
PR check / handle_success (pull_request) Has been skipped
Details
a0138b1bea 
Corrected a minor spelling error in the comment body of the pull request check to improve readability and accuracy.
refactor ♻️: Refactor condition for handle_failures to run regardless of previous job results
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 6s
Details
ai-reviews / Review PR (pull_request) Successful in 19s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Failing after 9s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
dfda760d2c 
This refactoring ensures that the `handle_failures` function is executed irrespective of the outcomes of previous jobs, improving the robustness and reliability of the system.
docs 📝: Update README title and compatibility matrix format
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 6s
Details
eb5eaf7887 
Updated the README title to be more descriptive and restructured the compatibility matrix for better readability.
fix 🐛: Fix PR check job condition
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 21s
Details
PR check / Gitleaks (pull_request) Failing after 6s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details
fc3b5e8507 
This commit addresses an issue where the PR check job was not running as expected. The condition for triggering the job has been corrected to ensure it runs properly under all circumstances.
docs 📝: Update README.md section title and minor formatting
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 10s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 28s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details
e21f9bd002 
Corrected the title of a section in the README.md file and made some minor formatting adjustments for better readability.
chore 📦: Update Gitleaks configuration and README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Failing after 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
c9a6f0e092 
Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.
docs 📝: Comment out allowlist rule for badge URLs in README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 30s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 15s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
dbd70e61ce 
Updated the README to comment out the allowlist rule for badge URLs, as it is no longer necessary.
refactor ♻️: Refactor Gitleaks command option from --config-path to --config
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 35s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
7b5c802689 
Updated the configuration path option for Gitleaks from '--config-path' to '--config' to simplify usage and improve consistency with other tools.
chore 📦: Update redaction setting in PR check workflow
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 35s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
eb5bde86d6 
This commit updates the redaction setting from `--redact=10` to `--redact=false` in the `.gitea/workflows/pr-check.yaml` file. This change ensures that no redaction occurs during the PR check process, maintaining full visibility and integrity of the data being checked.
fix 🐛: Increase redaction level in PR check workflow
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
ai-reviews / Review PR (pull_request) Successful in 24s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 16s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
76f035768c 
This change updates the redaction level from `false` to `100` in the `.gitea/workflows/pr-check.yaml` file. This ensures that more sensitive information is redacted during pull request checks, enhancing security.
chore 📦: Reduce redaction level in Gitleaks check
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 30s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 14s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
276c438ff4 
Lowered the redaction level in the Gitleaks configuration to improve log readability while maintaining security.
gitea-actions bot reviewed 2026-02-14 10:22:29 +01:00
gitea-actions bot left a comment
Copy Link

Review Summary

  • .gitea/workflows/pr-check-yaml: This Git diff shows the removal of a workflow file named pr-check-yaml. The previous workflow defined various checks such as leak tests, lint tests, and handling success and failure scenarios. The removal of this file will cause these checks to no longer run on pull requests. Since the removal of the checks can potentially introduce security vulnerabilities, performance issues, or maintainability problems if similar checks are not in place elsewhere, it is advised to reconsider the decision to remove this workflow file.
  • .gitea/workflows/pr-check.yaml: Summary: This Git diff represents a new workflow file (.gitea/workflows/pr-check.yaml) that automates CI checks for pull requests on Gitea. It includes leak testing, linting, and handling of successful or failed checks. Issue(s) Found: Note: Although there are no major logic, security, performance issues, or critical maintainability concerns, it is still worth considering the organization of the workflow's steps as suggested above. LGTM (With a recommendation for improving maintainability)
  • .gitleaks.toml: This diff adds a configuration file for Gitleaks, a tool to detect sensitive data leaks in Git repositories. The changes are well-organized and seem to be aimed at improving the security of the project by ignoring certain false positives and adding specific rules to identify sensitive data. Here's a summary of the changes: * A title for the Gitleaks configuration file is added (Score: 2) * Allowlist and rules sections are defined (Score: 2) * Two allowlist entries are included, one to ignore placeholder secrets in README.md and another to ignore badge URLs in the same file (Score: 2) * Two rules are defined, one for generic API keys and another for Sidekiq secrets (Score: 2) Overall, these changes appear to be well-structured and helpful in securing the project. LGTM
  • README.md: Summary: The provided changes to the README.md file mainly involve renaming and reorganizing sections for better readability, but no critical issues were found in logic, security, performance, or maintainability. Here is the detailed analysis following your guidelines: LGTM
# Review Summary * **.gitea/workflows/pr-check-yaml**: This Git diff shows the removal of a workflow file named `pr-check-yaml`. The previous workflow defined various checks such as leak tests, lint tests, and handling success and failure scenarios. The removal of this file will cause these checks to no longer run on pull requests. Since the removal of the checks can potentially introduce security vulnerabilities, performance issues, or maintainability problems if similar checks are not in place elsewhere, it is advised to reconsider the decision to remove this workflow file. * **.gitea/workflows/pr-check.yaml**: **Summary:** This Git diff represents a new workflow file (`.gitea/workflows/pr-check.yaml`) that automates CI checks for pull requests on Gitea. It includes leak testing, linting, and handling of successful or failed checks. **Issue(s) Found:** **Note:** Although there are no major logic, security, performance issues, or critical maintainability concerns, it is still worth considering the organization of the workflow's steps as suggested above. LGTM (With a recommendation for improving maintainability) * **.gitleaks.toml**: This diff adds a configuration file for Gitleaks, a tool to detect sensitive data leaks in Git repositories. The changes are well-organized and seem to be aimed at improving the security of the project by ignoring certain false positives and adding specific rules to identify sensitive data. Here's a summary of the changes: * A title for the Gitleaks configuration file is added (Score: 2) * Allowlist and rules sections are defined (Score: 2) * Two allowlist entries are included, one to ignore placeholder secrets in README.md and another to ignore badge URLs in the same file (Score: 2) * Two rules are defined, one for generic API keys and another for Sidekiq secrets (Score: 2) Overall, these changes appear to be well-structured and helpful in securing the project. **LGTM** * **README.md**: **Summary:** The provided changes to the README.md file mainly involve renaming and reorganizing sections for better readability, but no critical issues were found in logic, security, performance, or maintainability. Here is the detailed analysis following your guidelines: **LGTM**
.gitleaks.toml
@@ -0,0 +1,30 @@
title = "Gitleaks Config"
gitea-actions bot commented 2026-02-14 10:22:29 +01:00
Copy Link

[Score: 2] Added a title for the Gitleaks configuration file.

[Score: 2] Added a title for the Gitleaks configuration file.
`.gitea/workflows/pr-check.yaml`
gitea-actions bot commented 2026-02-14 10:22:29 +01:00
Copy Link

[Lines 70-167] [Score: 3] The workflow contains multiple steps for each job. Consider organizing the steps into separate functions or reusable actions to improve maintainability and readability.

[Lines 70-167] [Score: 3] The workflow contains multiple `steps` for each job. Consider organizing the steps into separate functions or reusable actions to improve maintainability and readability.
gitea-actions bot commented 2026-02-14 10:22:52 +01:00
Copy Link

CI checks failed.

Leak: failure
Lint: success

<!--ci-failed-comment--> ❌ CI checks failed. Leak: failure Lint: success
gitea-actions bot closed this pull request 2026-02-14 10:22:53 +01:00
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 30s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 14s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Documentation
bug
Something is not working
 ci-failed
action test workflow failed
 ci-pass
action test workflow pass
 duplicate
This issue or pull request already exists
 enhancement
New feature
 help wanted
Need some help
 invalid
Something is wrong
 question
More information is needed
 source
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jose
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Jose/ansible_role_proxmox_provision#20
Delete Branch "dev"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?