Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore 📦: Increase redaction length and exclude README.md in gitleaks check #21

Closed
Jose wants to merge 0 commits from dev into main
pull from: dev
merge into: Jose:main
Conversation 2 Commits - Files Changed - +203 -169
Jose commented 2026-02-14 10:28:07 +01:00
Owner
Copy Link

This commit increases the maximum redaction length for sensitive data in our codebase and updates the gitleaks configuration to exclude README.md files from scans. This ensures that we maintain a higher standard of security while avoiding false positives.

This commit increases the maximum redaction length for sensitive data in our codebase and updates the gitleaks configuration to exclude README.md files from scans. This ensures that we maintain a higher standard of security while avoiding false positives.
Jose added 15 commits 2026-02-14 10:28:07 +01:00
feat : Add PR check workflow for Gitleaks and lint tests
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
aad77acf42 
This commit introduces a new pull request (PR) check workflow that includes Gitleaks for security scanning and lint tests to ensure code quality.
refactor ♻️: Refactor PR check workflow by consolidating steps and removing redundant code
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 7s
Details
945717ffbb 
This refactoring consolidates the steps in the PR check workflow, reducing redundancy and improving efficiency.
fix 🐛: Fix typo in PR check workflow comments
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
1733801fe5 
Corrected a minor spelling error in the comments of the pull request check workflow to improve readability and clarity.
fix 🐛: Fix typo in PR check comment body
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 19s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Successful in 14s
Details
PR check / handle_failures (pull_request) Has been skipped
Details
PR check / handle_success (pull_request) Has been skipped
Details
a0138b1bea 
Corrected a minor spelling error in the comment body of the pull request check to improve readability and accuracy.
refactor ♻️: Refactor condition for handle_failures to run regardless of previous job results
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 6s
Details
ai-reviews / Review PR (pull_request) Successful in 19s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Failing after 9s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
dfda760d2c 
This refactoring ensures that the `handle_failures` function is executed irrespective of the outcomes of previous jobs, improving the robustness and reliability of the system.
docs 📝: Update README title and compatibility matrix format
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 6s
Details
eb5eaf7887 
Updated the README title to be more descriptive and restructured the compatibility matrix for better readability.
fix 🐛: Fix PR check job condition
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 21s
Details
PR check / Gitleaks (pull_request) Failing after 6s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details
fc3b5e8507 
This commit addresses an issue where the PR check job was not running as expected. The condition for triggering the job has been corrected to ensure it runs properly under all circumstances.
docs 📝: Update README.md section title and minor formatting
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 10s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 28s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details
e21f9bd002 
Corrected the title of a section in the README.md file and made some minor formatting adjustments for better readability.
chore 📦: Update Gitleaks configuration and README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Failing after 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
c9a6f0e092 
Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.
docs 📝: Comment out allowlist rule for badge URLs in README
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 30s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 15s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
dbd70e61ce 
Updated the README to comment out the allowlist rule for badge URLs, as it is no longer necessary.
refactor ♻️: Refactor Gitleaks command option from --config-path to --config
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 35s
Details
PR check / Gitleaks (pull_request) Failing after 5s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
7b5c802689 
Updated the configuration path option for Gitleaks from '--config-path' to '--config' to simplify usage and improve consistency with other tools.
chore 📦: Update redaction setting in PR check workflow
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 35s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
eb5bde86d6 
This commit updates the redaction setting from `--redact=10` to `--redact=false` in the `.gitea/workflows/pr-check.yaml` file. This change ensures that no redaction occurs during the PR check process, maintaining full visibility and integrity of the data being checked.
fix 🐛: Increase redaction level in PR check workflow
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
ai-reviews / Review PR (pull_request) Successful in 24s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 16s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
76f035768c 
This change updates the redaction level from `false` to `100` in the `.gitea/workflows/pr-check.yaml` file. This ensures that more sensitive information is redacted during pull request checks, enhancing security.
chore 📦: Reduce redaction level in Gitleaks check
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 30s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 14s
Details
PR check / handle_failures (pull_request) Successful in 2s
Details
PR check / handle_success (pull_request) Has been skipped
Details
276c438ff4 
Lowered the redaction level in the Gitleaks configuration to improve log readability while maintaining security.
chore 📦: Increase redaction length and exclude README.md in gitleaks check
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 26s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details
2d9aa39339 
This commit increases the maximum redaction length for sensitive data in our codebase and updates the gitleaks configuration to exclude README.md files from scans. This ensures that we maintain a higher standard of security while avoiding false positives.
gitea-actions bot reviewed 2026-02-14 10:28:33 +01:00
gitea-actions bot left a comment
Copy Link

Review Summary

  • .gitea/workflows/pr-check-yaml: Summary: The provided Git diff shows the removal of a workflow file (pr-check-yaml) containing various steps for CI checks, including leak testing and linting. Issues:
  • .gitea/workflows/pr-check.yaml: This Git diff represents a new workflow file for Gitea, which contains steps to run various checks such as leak test, lint tests, and handle both success and failure cases. The changes look good and there are no issues with Score >= 2.
  • .gitleaks.toml: Summary: Added allowlist and rule configurations for Gitleaks to ignore certain false positives in README files, and identified some API keys and Sidekiq secrets. LGTM (With the exception of the issues mentioned above, this configuration looks good and no further issues with Score >= 2 were found.)
  • README.md: Changes in the provided code: 1. The README file has been updated to improve its structure and clarity. Issues found (Score >= 2): LGTM (Logic appears good with no major issues found).
# Review Summary * **.gitea/workflows/pr-check-yaml**: **Summary:** The provided Git diff shows the removal of a workflow file (`pr-check-yaml`) containing various steps for CI checks, including leak testing and linting. **Issues:** * **.gitea/workflows/pr-check.yaml**: This Git diff represents a new workflow file for Gitea, which contains steps to run various checks such as leak test, lint tests, and handle both success and failure cases. The changes look good and there are no issues with Score >= 2. * **.gitleaks.toml**: **Summary:** Added allowlist and rule configurations for Gitleaks to ignore certain false positives in README files, and identified some API keys and Sidekiq secrets. LGTM (With the exception of the issues mentioned above, this configuration looks good and no further issues with Score >= 2 were found.) * **README.md**: Changes in the provided code: 1. The README file has been updated to improve its structure and clarity. Issues found (Score >= 2): LGTM (Logic appears good with no major issues found).
README.md
@@ -1,4 +1,4 @@
# ansible_role_proxmox_provision
# README ansible_role_proxmox_provision
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Score: 3] Changing '#' to a space could improve readability, as the '#' is not necessary for comments in markdown files.

[Score: 3] Changing '#' to a space could improve readability, as the '#' is not necessary for comments in markdown files.
README.md
@@ -11,3 +10,4 @@
## 📌 Features
**Proxmox VE Optimized** - Specifically designed for Proxmox Virtual Environment
**Idempotent** - Safe to run multiple times
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Lines 12-13] [Score: 2] The use of emojis might not be necessary and should be considered for maintainability purposes. However, this is a minor issue.

[Lines 12-13] [Score: 2] The use of emojis might not be necessary and should be considered for maintainability purposes. However, this is a minor issue.
README.md
@@ -18,7 +18,7 @@
## 📊 Compatibility Matrix
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Lines 18-19] [Score: 2] The use of emojis might not be necessary and should be considered for maintainability purposes. However, this is a minor issue.

[Lines 18-19] [Score: 2] The use of emojis might not be necessary and should be considered for maintainability purposes. However, this is a minor issue.
b/.gitleaks.toml
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.
b/.gitleaks.toml
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.
b/.gitleaks.toml
gitea-actions bot commented 2026-02-14 10:28:33 +01:00
Copy Link

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.

[Score: 4] Potential security vulnerabilities by hard-coding sensitive values in the config file. Consider using environment variables or secure secret management systems instead.
gitea-actions bot commented 2026-02-14 10:28:56 +01:00
Copy Link

CI checks failed.

Leak: failure
Lint: success

<!--ci-failed-comment--> ❌ CI checks failed. Leak: failure Lint: success
gitea-actions bot closed this pull request 2026-02-14 10:28:56 +01:00
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 26s
Details
PR check / Gitleaks (pull_request) Failing after 4s
Details
PR check / lint tests (pull_request) Successful in 13s
Details
PR check / handle_failures (pull_request) Successful in 1s
Details
PR check / handle_success (pull_request) Has been skipped
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Documentation
bug
Something is not working
 ci-failed
action test workflow failed
 ci-pass
action test workflow pass
 duplicate
This issue or pull request already exists
 enhancement
New feature
 help wanted
Need some help
 invalid
Something is wrong
 question
More information is needed
 source
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jose
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Jose/ansible_role_proxmox_provision#21
Delete Branch "dev"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?