Refactor security scanning and database setup

- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy. - Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.
2025-09-11 11:17:35 +02:00
parent c4bc27273e
commit f7e0172111
7 changed files with 127 additions and 25 deletions
@@ -43,12 +43,12 @@ jobs:
      - name: Check for secrets
        run: |
          echo "🔍 Checking for potential secrets..."
-          # Check for common secret patterns
-          if grep -r -i "password\|secret\|key\|token" --include="*.js" --include="*.ts" --include="*.json" . | grep -v node_modules | grep -v ".git" | grep -v "package-lock.json" | grep -v "test"; then
-            echo "⚠️ Potential secrets found in code"
-            exit 1
+          chmod +x scripts/check-secrets.sh
+          if ./scripts/check-secrets.sh; then
+            echo "✅ No secrets found in code"
          else
-            echo "✅ No obvious secrets found"
+            echo "❌ Secrets detected - please review"
+            exit 1
          fi

      - name: Upload security scan results