Feature/setup gitleaks #8

Merged: duongtronghoa6a-debug merged 1 commit into dev from feature/setup-gitleaks, May 1, 2026

Conversation

@duongtronghoa6a-debug (Collaborator)

No description provided.

Copilot AI review requested due to automatic review settings May 1, 2026 06:39

Copilot AI left a comment


Pull request overview

Adds a GitLeaks scan workflow for pull requests so secrets can be detected before merging into protected branches.

Changes:

  • Introduces a new GitHub Actions workflow that runs on pull_request events targeting main and dev.
  • Checks out the full repository history (fetch-depth: 0) and runs gitleaks/gitleaks-action@v2.

Comment on the workflow steps:

- uses: actions/checkout@v4
  with:
    fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2

Copilot AI May 1, 2026


This workflow runs the action with its default configuration; it doesn’t pass the repo’s gitleaks.toml, so the existing allowlist/settings used by the nightly scan won’t be applied and PR checks may produce inconsistent/extra findings. Configure the action to use gitleaks.toml (and any required args) so PR scans match the repo’s intended ruleset.

Suggested change:
(before)
- uses: gitleaks/gitleaks-action@v2
(after)
- uses: gitleaks/gitleaks-action@v2
  with:
    args: --config=gitleaks.toml

Comment on the workflow steps:

    fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Copilot AI May 1, 2026


Consider pinning the GitLeaks engine version for the action (or otherwise aligning it with the pinned zricethezav/gitleaks:v8.18.4 used in the scheduled workflow). Leaving the version implicit can cause the PR check behavior to change over time as new GitLeaks releases/rules ship, creating unexpected failures.

Suggested change:
(before)
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
(after)
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITLEAKS_VERSION: v8.18.4

Comment on lines +9 to +12:

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest

Copilot AI May 1, 2026


Add an explicit permissions: block (e.g., contents: read) so this workflow doesn’t rely on the repository’s default GITHUB_TOKEN permissions. This follows least-privilege and avoids accidentally granting write permissions to a third-party action if repo defaults change.

@duongtronghoa6a-debug duongtronghoa6a-debug merged commit 8443753 into dev May 1, 2026
7 checks passed
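For reference, here is one complete workflow file that applies all three review points at once: the repo's gitleaks.toml, an engine version pinned to the same v8.18.4 the scheduled scan uses, and an explicit least-privilege permissions block. This is an added example, not the file merged in this PR; the trigger branches, job name, checkout step and action reference follow the fragments quoted in the review. Passing the config through the GITLEAKS_CONFIG environment variable is an assumption about the gitleaks-action v2 interface (the action is configured through environment variables rather than a command line), so confirm it against the README of the action version you pin.

```yaml
# Added example: a PR secret-scan workflow that folds in the three review comments above.
name: gitleaks

on:
  pull_request:
    branches: [main, dev]

# Explicit, workflow-wide token scope. The action only needs to read the tree and
# commit history; it never needs to push or write to the repository.
permissions:
  contents: read

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history, so every commit in the PR range is scanned, not just the
          # merge commit the runner would otherwise check out.
          fetch-depth: 0

      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Same engine release as the scheduled scan (zricethezav/gitleaks:v8.18.4),
          # so PR checks and nightly runs apply identical rules.
          GITLEAKS_VERSION: v8.18.4
          # Assumption: the v2 action reads its config path from this variable.
          # Points at the repo's existing allowlist/ruleset so PR findings match it.
          GITLEAKS_CONFIG: gitleaks.toml
```

Two notes on the choices here. The permissions block sits at the workflow level so it covers every job, and `contents: read` is the narrowest scope that still lets the action read history; if a job is later added that posts review comments, give that job its own `pull-requests: write` rather than widening the default. The `@v2` tag is a moving reference, so the same argument the reviewer makes about the engine version applies to the action itself: pinning it to a full commit SHA removes that drift as well.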