From a389fe3ef62cb3ac18f58c5ffb7d72948c7cbec6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 13:24:57 +0000
Subject: [PATCH] chore(security): add gitleaks config and update ignore list
 for test tokens

Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
---
 .gitleaks.toml  | 14 ++++++++++++++
 .gitleaksignore |  3 +++
 2 files changed, 17 insertions(+)
 create mode 100644 .gitleaks.toml

diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..862a4df
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,14 @@
+title = "gh-action-readme gitleaks configuration"
+
+[extend]
+useDefault = true
+
+# Allowlist for test files and fixtures that intentionally contain placeholder tokens.
+# These are not real secrets and are used only for testing purposes.
+[[allowlists]]
+description = "Test fixture files containing placeholder tokens"
+paths = [
+  '''testutil/test_constants\.go''',
+  '''.*_test\.go''',
+  '''testdata/.*''',
+]
diff --git a/.gitleaksignore b/.gitleaksignore
index ee8eb5a..e8e758d 100644
--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -23,3 +23,6 @@ internal/wizard/validator_test.go:github-pat:204
 integration_test.go:github-pat:304
 internal/config_test.go:github-pat:133
 internal/config_test.go:github-pat:162
+testdata/yaml-fixtures/configs/global-config-default.yml:github-pat:4
+testutil/test_constants.go:github-pat:363
+testutil/test_constants.go:github-pat:455