chore(security): add gitleaks config and update ignore list for test tokens (#195)

2026-03-16 16:01:29 +00:00 · 2026-03-15 17:22:50 +02:00
parent 64ee9e8dd6
commit e80c8bb3bf
2 changed files with 16 additions and 0 deletions
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -0,0 +1,13 @@
+title = "gh-action-readme gitleaks configuration"
+
+[extend]
+useDefault = true
+
+# Allowlist for test files and fixtures that intentionally contain placeholder tokens.
+# These are not real secrets and are used only for testing purposes.
+[allowlist]
+description = "Test fixture files containing placeholder tokens"
+paths = [
+	'''^testutil/test_constants\.go$''',
+	'''^testdata/''',
+]
--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -23,3 +23,6 @@ internal/wizard/validator_test.go:github-pat:204
 integration_test.go:github-pat:304
 internal/config_test.go:github-pat:133
 internal/config_test.go:github-pat:162
+testdata/yaml-fixtures/configs/global-config-default.yml:github-pat:4
+testutil/test_constants.go:github-pat:363
+testutil/test_constants.go:github-pat:455