LotusGuild/matrix
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Python runner; add gitleaks secret scanning
Lint / Shell (shellcheck) (push) Successful in 9s
Details
Lint / JS (eslint) (push) Successful in 7s
Details
Lint / Python (ruff) (push) Failing after 42s
Details
Lint / Python deps (pip-audit) (push) Failing after 47s
Details
Lint / Secret scan (gitleaks) (push) Failing after 9s
Details

Browse Source 
- All Python jobs now install python3-pip via apt first (runner image
  has no pip by default)
- Added secret-scan job: gitleaks v8.21.2 scans full git history on
  every push/PR with --redact to avoid leaking found secrets in logs
- Added .gitleaks.toml allowlisting deploy/hooks-lxc*.json files
  (webhook HMAC secrets are intentional config, not leaks)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-04-20 16:29:14 -04:00
parent d49b33fc42
commit 371ed8116f
2 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitleaks.toml
+6
View File
@@ -0,0 +1,6 @@
[extend]
useDefault = true
[[allowlists]]
description = "Webhook HMAC secrets in hook config files are intentional"
paths = ['''deploy/hooks-lxc\d+\.json''']