mirror of
https://github.com/LearningCircuit/local-deep-research.git
synced 2026-06-16 03:51:07 +03:00
0fa151a4eb
The gitleaks action was still flagging placeholder API key examples despite having them in the allowlist. This fix addresses the root causes: 1. Add explicit GITLEAKS_CONFIG environment variable to workflow to ensure the config file is loaded by gitleaks-action v2 2. Add GITLEAKS_BASELINE_PATH to use the baseline ignore file 3. Add secretGroup = 2 to the generic-secret rule to extract just the secret value (not the full match including KEY=), allowing the existing allowlist regexes like 'your-.*-key-here' to work properly 4. Create .gitleaksignore baseline file with specific fingerprints for known false positives in historical commits 5. Update .gitignore to track .gitleaksignore file 6. Add .gitleaksignore to file-whitelist-check scripts in both .github/scripts/ and .pre-commit-hooks/