Files
nas-tools/.gitleaks.toml
T
Gan, Jimmy 6c08fc007a
Deploy Dashboard (Dev) / Backend Tests (push) Successful in 20m13s
Deploy Dashboard (Dev) / Frontend Tests (push) Successful in 52s
Run Tests / Secret Detection (pull_request) Successful in 2m42s
Run Tests / Backend Tests (pull_request) Successful in 35m32s
Run Tests / Frontend Tests (pull_request) Failing after 47s
Deploy Dashboard (Dev) / Deploy to Dev (push) Failing after 3s
fix: configure npm registry mirror (npmmirror) in CI workflows
CI runner can't reach npmjs.org through GFW. Use npmmirror.com
mirror for npm package installs, same pattern as pip uses
Tsinghua mirror for backend deps.
2026-05-07 00:03:09 +08:00

66 lines
2.0 KiB
TOML

# Gitleaks configuration for NAS Tools
# Whitelist rules for known-safe patterns in tests, docs, and CI configs
[allowlist]
description = "Known safe patterns in test fixtures and CI configuration"
# Test secrets / example values used in CI and conftest
[[allowlist.rules]]
id = "generic-api-key"
description = "Test SECRET_KEY in CI env and conftest"
regexes = [
'''test-secret-key-for-ci-environment''',
'''test-secret-key-for-testing''',
'''os\.environ\.setdefault\(["']SECRET_KEY''',
'''SECRET_KEY: \$\{SECRET_KEY\}''',
'''SECRET_KEY=\$\{SECRET_KEY\}''',
]
# Telegram test tokens (empty or placeholder)
[[allowlist.rules]]
id = "telegram-bot-token"
description = "Placeholder Telegram tokens in CI config"
regexes = [
'''TELEGRAM_BOT_TOKEN:-''',
'''TELEGRAM_BOT_TOKEN=\$\{TELEGRAM_BOT_TOKEN''',
]
# Transmission test creds
[[allowlist.rules]]
id = "transmission-credentials"
description = "Test Transmission credentials in conftest"
regexes = [
'''TRANSMISSION_USER.*test-tx''',
'''TRANSMISSION_PASS.*test-tx''',
]
# SMTP test config
[[allowlist.rules]]
id = "smtp-credentials"
description = "SMTP env var references (not actual secrets)"
regexes = [
'''SMTP_USER\s*=\s*os\.getenv''',
'''SMTP_PASSWORD\s*=\s*os\.getenv''',
'''SMTP_TO\s*=\s*os\.getenv''',
]
# Gitea token env var references
[[allowlist.rules]]
id = "gitea-token"
description = "Gitea token env var references"
regexes = [
'''GITEA_TOKEN\s*=\s*os\.getenv''',
'''GITEA_TOKEN=\$\{GITEA_TOKEN\}''',
'''GITEA_TOKEN: \$\{GITEA_TOKEN\}''',
]
# Admin password hash env var reference
[[allowlist.rules]]
id = "admin-password-hash"
description = "Admin password hash env var references"
regexes = [
'''ADMIN_PASSWORD_HASH\s*=\s*os\.getenv''',
'''ADMIN_PASSWORD_HASH=\$\{ADMIN_PASSWORD_HASH\}''',
'''ADMIN_PASSWORD_HASH: \$\{ADMIN_PASSWORD_HASH\}''',
]