From aa40c42cabc43ea15d042abcee5beb96828b6847 Mon Sep 17 00:00:00 2001 From: "F." Date: Fri, 16 Jan 2026 12:39:26 +0100 Subject: [PATCH 1/3] ci(gitleaks): add GitHub Actions workflow for secret scanning - Add .github/workflows/gitleaks.yml to run Gitleaks on push, PRs, manual dispatch, and a daily 04:00 UTC cron. - Use actions/checkout@v4 (fetch-depth: 0) and gitleaks/gitleaks-action@v2 with GITHUB_TOKEN. chore(deps): bump klauspost/compress from v1.18.2 to v1.18.3 (go.mod/go.sum) --- .github/workflows/gitleaks.yml | 20 ++++++++++++++++++++ go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/gitleaks.yml diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 0000000..a06154f --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,20 @@ +--- +name: gitleaks +on: + pull_request: + push: + workflow_dispatch: + schedule: + # run once a day at 4 AM UTC + - cron: "0 4 * * *" +jobs: + scan: + name: gitleaks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/go.mod b/go.mod index 0a015bc..05a2bbc 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/gofiber/schema v1.6.0 // indirect github.com/gofiber/utils/v2 v2.0.0-rc.6 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/klauspost/compress v1.18.2 // indirect + github.com/klauspost/compress v1.18.3 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/philhofer/fwd v1.2.0 // indirect diff --git a/go.sum b/go.sum index fd7cca1..e79ab93 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,8 @@ github.com/hyp3rd/ewrap v1.3.5 h1:qXnWrmTQEt6zeSap5I/c047GSFlq3L8zIxiqdB1W7MU= github.com/hyp3rd/ewrap v1.3.5/go.mod h1:Nf6m8teevefjvr3ejK47ofL4F05cKpMMGxt3TFIC+B8= github.com/hyp3rd/sectools v1.1.6 h1:7g9mh4qiit8snvwgjryHxVNDCcpeQ0C4/qPJbFs23Gg= github.com/hyp3rd/sectools v1.1.6/go.mod h1:9PBVgZP4rifD8rAs+5OGtQfg5U3fVwN1W4eUgnh1W64= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw= +github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/longbridgeapp/assert v1.1.0 h1:L+/HISOhuGbNAAmJNXgk3+Tm5QmSB70kwdktJXgjL+I= github.com/longbridgeapp/assert v1.1.0/go.mod h1:UOI7O3rzlzlz715lQm0atWs6JbrYGuIJUEeOekutL6o= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= From 1965f1a22a47bed2997077a0c75eecdd0ddc0987 Mon Sep 17 00:00:00 2001 From: "F." <62474964+hyp3rd@users.noreply.github.com> Date: Fri, 16 Jan 2026 12:44:45 +0100 Subject: [PATCH 2/3] Update .github/workflows/gitleaks.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/gitleaks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index a06154f..12df8f9 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -3,6 +3,8 @@ name: gitleaks on: pull_request: push: + branches: + - main workflow_dispatch: schedule: # run once a day at 4 AM UTC From 5e926802c214c590a94fdd02d030b08049a53bed Mon Sep 17 00:00:00 2001 From: "F." <62474964+hyp3rd@users.noreply.github.com> Date: Fri, 16 Jan 2026 12:44:52 +0100 Subject: [PATCH 3/3] Update .github/workflows/gitleaks.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/gitleaks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 12df8f9..67fd3fd 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -14,7 +14,7 @@ jobs: name: gitleaks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - uses: gitleaks/gitleaks-action@v2