Refactor security scanning and database setup
Some checks failed
CI/CD Pipeline / test (push) Successful in 10m54s
Security Scan / security (push) Failing after 5m21s
CI/CD Pipeline / security (push) Successful in 5m25s
CI/CD Pipeline / build (push) Failing after 2m27s
CI/CD Pipeline / deploy (push) Has been skipped

- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy.
- Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.
2025-09-11 11:17:35 +02:00
parent c4bc27273e
commit f7e0172111
7 changed files with 127 additions and 25 deletions

@@ -43,12 +43,12 @@ jobs:
- name: Check for secrets
run: |
echo "🔍 Checking for potential secrets..."
# Check for common secret patterns
if grep -r -i "password\|secret\|key\|token" --include="*.js" --include="*.ts" --include="*.json" . | grep -v node_modules | grep -v ".git" | grep -v "package-lock.json" | grep -v "test"; then
echo "⚠️ Potential secrets found in code"
exit 1
chmod +x scripts/check-secrets.sh
if ./scripts/check-secrets.sh; then
echo "✅ No secrets found in code"
else
echo "✅ No obvious secrets found"
echo "❌ Secrets detected - please review"
exit 1
fi
- name: Upload security scan results
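Review bot: The `else` branch of `if ./scripts/check-secrets.sh; then` treats every non-zero exit as a finding, so a crash or usage error inside the script prints "Secrets detected - please review" and sends whoever reads the log looking for a secret that is not there. Have the script reserve one exit code for findings and let the step report any other non-zero status as a scanner error. The `chmod +x scripts/check-secrets.sh` line can be dropped if the executable bit is committed with the file or the step invokes it as `bash scripts/check-secrets.sh`. The success message "No secrets found in code" also claims more than the removed "No obvious secrets found"; the script's patterns are not visible in this hunk, so the more cautious wording is the safer one to keep.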