Commit e26952f
ci: delete duplicate CodeQL workflow + fix Gitleaks to use free CLI
Two fixes for the 5 failing PR checks:
1. Delete codeql.yml (removes 4 red checks).
GitHub's default CodeQL setup (enabled in Security → Code scanning →
Default setup) already runs the same 4-language analysis on every PR
and passes. The workflow-file version was a duplicate with broken
autobuild settings for c-cpp. With it gone, the default setup is the
sole CodeQL runner — zero coverage lost.
2. Fix secret-scan.yml (removes 1 red check).
gitleaks-action@v2 went commercial in 2023 and requires a paid
license for GitHub organization accounts. Replaced with the gitleaks
CLI directly (MIT-licensed, free, same scanning engine). Downloads
gitleaks v8.21.2 binary and runs `gitleaks detect` against the full
git history using the repo's .gitleaks.toml config. Same coverage,
no license.
Final workflow set: pr-build.yml, release.yml, secret-scan.yml (3 files).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 5b6875a commit e26952f
2 files changed
Lines changed: 17 additions & 110 deletions
This file was deleted.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
10 | 14 | | |
11 | 15 | | |
12 | 16 | | |
| |||
28 | 32 | | |
29 | 33 | | |
30 | 34 | | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
31 | 42 | | |
32 | | - | |
33 | | - | |
34 | | - | |
35 | | - | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
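Review bot: the added lines at 35-41 and 43-48 of the modified workflow should verify the downloaded gitleaks v8.21.2 binary against a pinned SHA-256 checksum before executing it. The rendered hunk shows no line content, so this page does not show whether that check is present. The commit message says the binary is downloaded and then run with `gitleaks detect` over the full git history. An unverified release download executed in CI is a supply-chain exposure that the replaced action did not have in this form. Suggest recording the expected digest next to the version number in the workflow and failing the job on mismatch. Since the scan is meant to cover the full history, also confirm the checkout step fetches complete history rather than a shallow clone; otherwise the scan silently covers less than the message claims.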