chore 📦: Comment out --exclude-files option in pr-check.yaml workflow Add new rule to ignore placeholder secrets in README.md #22

Closed

Jose wants to merge 0 commits from dev into main

pull from: dev

merge into: Jose:main

Jose:main

Conversation 2 Commits - Files Changed - +213 -169

Jose commented 2026-02-14 10:29:55 +01:00

Owner

Copy Link

Updated the PR check workflow to comment out the --exclude-files option and added a new rule in README.md to ignore placeholder secrets.

Updated the PR check workflow to comment out the `--exclude-files` option and added a new rule in README.md to ignore placeholder secrets.

Jose added 16 commits 2026-02-14 10:29:56 +01:00

feat ✨: Add PR check workflow for Gitleaks and lint tests ... aad77acf42

This commit introduces a new pull request (PR) check workflow that includes Gitleaks for security scanning and lint tests to ensure code quality.

refactor ♻️: Refactor PR check workflow by consolidating steps and removing redundant code ... 945717ffbb

This refactoring consolidates the steps in the PR check workflow, reducing redundancy and improving efficiency.

fix 🐛: Fix typo in PR check workflow comments ... 1733801fe5

Corrected a minor spelling error in the comments of the pull request check workflow to improve readability and clarity.

fix 🐛: Fix typo in PR check comment body ... a0138b1bea

Corrected a minor spelling error in the comment body of the pull request check to improve readability and accuracy.

refactor ♻️: Refactor condition for handle_failures to run regardless of previous job results ... dfda760d2c

This refactoring ensures that the `handle_failures` function is executed irrespective of the outcomes of previous jobs, improving the robustness and reliability of the system.

docs 📝: Update README title and compatibility matrix format ... eb5eaf7887

Updated the README title to be more descriptive and restructured the compatibility matrix for better readability.

fix 🐛: Fix PR check job condition ... fc3b5e8507

This commit addresses an issue where the PR check job was not running as expected. The condition for triggering the job has been corrected to ensure it runs properly under all circumstances.

docs 📝: Update README.md section title and minor formatting ... e21f9bd002

Corrected the title of a section in the README.md file and made some minor formatting adjustments for better readability.

chore 📦: Update Gitleaks configuration and README ... c9a6f0e092

Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.

docs 📝: Comment out allowlist rule for badge URLs in README ... dbd70e61ce

Updated the README to comment out the allowlist rule for badge URLs, as it is no longer necessary.

refactor ♻️: Refactor Gitleaks command option from --config-path to --config ... 7b5c802689

Updated the configuration path option for Gitleaks from '--config-path' to '--config' to simplify usage and improve consistency with other tools.

chore 📦: Update redaction setting in PR check workflow ... eb5bde86d6

This commit updates the redaction setting from `--redact=10` to `--redact=false` in the `.gitea/workflows/pr-check.yaml` file. This change ensures that no redaction occurs during the PR check process, maintaining full visibility and integrity of the data being checked.

fix 🐛: Increase redaction level in PR check workflow ... 76f035768c

This change updates the redaction level from `false` to `100` in the `.gitea/workflows/pr-check.yaml` file. This ensures that more sensitive information is redacted during pull request checks, enhancing security.

chore 📦: Reduce redaction level in Gitleaks check ... 276c438ff4

Lowered the redaction level in the Gitleaks configuration to improve log readability while maintaining security.

chore 📦: Increase redaction length and exclude README.md in gitleaks check ... 2d9aa39339

This commit increases the maximum redaction length for sensitive data in our codebase and updates the gitleaks configuration to exclude README.md files from scans. This ensures that we maintain a higher standard of security while avoiding false positives.

chore 📦: Comment out --exclude-files option in pr-check.yaml workflow Add new rule to ignore placeholder secrets in README.md ... 8bd90b8823

Updated the PR check workflow to comment out the `--exclude-files` option and added a new rule in README.md to ignore placeholder secrets.

gitea-actions bot reviewed 2026-02-14 10:30:34 +01:00

gitea-actions bot left a comment

Copy Link

Review Summary

• .gitea/workflows/pr-check-yaml: This appears to be a GitHub Actions workflow for checking PRs, including leak tests, linting, and labeling. The provided diff indicates that the entire file has been deleted. This is problematic as it removes all checks and automation in place for reviewing PRs. To maintain proper code quality, ensure that these checks are not removed without careful consideration and a suitable replacement or alternative is implemented.
• .gitea/workflows/pr-check.yaml: Summary: Addition of a new GitHub Actions workflow file for CI checks. The provided code looks good, and no issues with Score >= 2 were found.
• .gitleaks.toml: Summary: This Git diff describes the addition of a Gitleaks configuration file to help filter out sensitive data from the codebase, and it also includes some custom rules for API keys and Sidekiq secrets. Overall, the changes look good and should improve the security of the project. However, there is one issue related to the entropy value that might require attention:
• README.md: Summary: The provided code change updates the README file to better align with Ansible conventions and clarifies some terms. No significant issues were found concerning logic, security, performance, or maintainability. LGTM

# Review Summary * **.gitea/workflows/pr-check-yaml**: This appears to be a GitHub Actions workflow for checking PRs, including leak tests, linting, and labeling. The provided diff indicates that the entire file has been deleted. This is problematic as it removes all checks and automation in place for reviewing PRs. To maintain proper code quality, ensure that these checks are not removed without careful consideration and a suitable replacement or alternative is implemented. * **.gitea/workflows/pr-check.yaml**: **Summary:** Addition of a new GitHub Actions workflow file for CI checks. The provided code looks good, and no issues with Score >= 2 were found. * **.gitleaks.toml**: **Summary:** This Git diff describes the addition of a Gitleaks configuration file to help filter out sensitive data from the codebase, and it also includes some custom rules for API keys and Sidekiq secrets. Overall, the changes look good and should improve the security of the project. However, there is one issue related to the entropy value that might require attention: * **README.md**: **Summary:** The provided code change updates the README file to better align with Ansible conventions and clarifies some terms. No significant issues were found concerning logic, security, performance, or maintainability. ``` LGTM ```

b/.gitleaks.toml

gitea-actions bot commented 2026-02-14 10:30:34 +01:00

Copy Link

[Score: 2] The entropy value for the "generic-api-key-docs" rule seems too high. This could potentially mask sensitive information in the README.md file. Consider lowering it if necessary.

[Score: 2] The entropy value for the "generic-api-key-docs" rule seems too high. This could potentially mask sensitive information in the README.md file. Consider lowering it if necessary.

gitea-actions bot commented 2026-02-14 10:30:56 +01:00

Copy Link

❌ CI checks failed.

Leak: failure
Lint: success

<!--ci-failed-comment--> ❌ CI checks failed. Leak: failure Lint: success

gitea-actions bot closed this pull request 2026-02-14 10:30:57 +01:00

Some checks failed

Hide all checks

ansible-lint / Ansible Lint (push) Successful in 11s

Details

Gitleaks Scan / gitleaks (push) Successful in 4s

Details

Markdown Lint / markdown-lint (push) Successful in 4s

Details

ai-reviews / Review PR (pull_request) Successful in 19s

Details

PR check / Gitleaks (pull_request) Failing after 5s

Details

PR check / lint tests (pull_request) Successful in 13s

Details

PR check / handle_failures (pull_request) Successful in 1s

Details

PR check / handle_success (pull_request) Has been skipped

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Documentation

bug

Something is not working

ci-failed

action test workflow failed

ci-pass

action test workflow pass

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

source

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jose

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Jose/ansible_role_proxmox_provision#22