From e80c8bb3bf75ffe39593d9f19225fa96a2b78b67 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 17:22:50 +0200
Subject: [PATCH] chore(security): add gitleaks config and update ignore list for test tokens (#195)
---
 .gitleaks.toml | 13 +++++++++++++
 .gitleaksignore | 3 +++
 2 files changed, 16 insertions(+)
 create mode 100644 .gitleaks.toml
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..c0c99b2
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,13 @@
+title = "gh-action-readme gitleaks configuration"
+
+[extend]
+useDefault = true
+
+# Allowlist for test files and fixtures that intentionally contain placeholder tokens.
+# These are not real secrets and are used only for testing purposes.
+[allowlist]
+description = "Test fixture files containing placeholder tokens"
+paths = [
+ '''^testutil/test_constants\.go$''',
+ '''^testdata/''',
+]
diff --git a/.gitleaksignore b/.gitleaksignore
index ee8eb5a..e8e758d 100644
--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -23,3 +23,6 @@ internal/wizard/validator_test.go:github-pat:204
 integration_test.go:github-pat:304
 internal/config_test.go:github-pat:133
 internal/config_test.go:github-pat:162
+testdata/yaml-fixtures/configs/global-config-default.yml:github-pat:4
+testutil/test_constants.go:github-pat:363
+testutil/test_constants.go:github-pat:455
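Review bot: The `paths` entry `'''^testdata/'''` under `[allowlist]` in .gitleaks.toml exempts every file in that directory from every rule, so a real credential that later lands in a fixture would pass the scan unnoticed; `'''^testutil/test_constants\.go$'''` does the same for a whole source file. The three known placeholder findings are already recorded as fingerprints in .gitleaksignore by this same commit, which is the narrower control. Consider dropping the path entries and relying on the fingerprints, or replacing them with a `regexes` entry that matches only the placeholder values, e.g. `regexes = ['''<placeholder-token-pattern>''']`. If the paths stay, the comment above `[allowlist]` should say so explicitly: `# Files matched here bypass ALL secret rules; fixtures must contain only fabricated tokens.`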
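Review bot: The three fingerprints added to .gitleaksignore are keyed on line numbers (`testutil/test_constants.go:github-pat:363`, `:455`, and `global-config-default.yml:github-pat:4`), so any edit above those lines silently invalidates them. They also cover exactly the files that the path allowlist in .gitleaks.toml from this commit already suppresses, which leaves it unclear which control is authoritative; keep one, preferably the fingerprints, since they suppress only the known findings. The entries carry no commit component, which presumably means they match only directory (non-git) scans; that is worth confirming against how CI invokes gitleaks. The hunk starts mid-file, so the earlier entries are not visible here.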