feat: add secretlint #72

Merged
jhnns merged 15 commits into main from add-secretlint
Apr 23, 2026

Conversation

@niklashaug (Member)

closes #69

This introduces secretlint into the template, running both locally in the pre-commit hook as well as in GitHub Actions.

@niklashaug niklashaug requested review from Copilot and jhnns and removed request for jhnns April 2, 2026 15:02
Copilot AI left a comment


Pull request overview

This PR adds Secretlint-based secret scanning to the template to catch leaked credentials both before commits (via lint-staged) and in CI (via a dedicated GitHub Actions workflow), addressing #69’s request for an npm-installable alternative to tools like gitleaks.

Changes:

  • Add secretlint and the recommended preset to devDependencies.
  • Run Secretlint in the pre-commit pipeline via lint-staged.
  • Add .secretlintrc.json and a new GitHub Actions workflow to run Secretlint in CI.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

Summary per file:

File | Description
--- | ---
package.json | Adds Secretlint and its recommended rules preset as dev dependencies.
package-lock.json | Locks Secretlint and transitive dependencies for reproducible installs.
lint-staged.config.js | Runs Secretlint on staged files as part of pre-commit checks.
.secretlintrc.json | Introduces the Secretlint configuration using the recommended preset.
.github/workflows/secretlint.yml | Adds a CI workflow to run Secretlint on pushes/PRs.

@niklashaug (Member, Author)

niklashaug commented Apr 2, 2026

I still need to test locally if I get an error when trying to commit a secret. I just did that but got no error. Not sure whether the pre-commit hooks actually run. All I need for Husky is to npm install, right?

Edit: works now, my commit gets rejected when I try to add credentials.

@niklashaug niklashaug requested a review from jhnns April 14, 2026 10:00
@jhnns (Member)

jhnns commented Apr 23, 2026

Thanks @niklashaug

I refactored the GitHub action a little bit to not install all npm dependencies again as this can get quite large in bigger projects. We now use the Docker image based on the package.json version. I also aligned it a little bit with #78

I made a test commit locally (it got rejected ✅) and also pushed it via --no-verify: the GitHub action failed as expected.
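The comment above describes the shape of the merged workflow: instead of running npm install in CI, pull the Secretlint Docker image at the version pinned in package.json and scan the checkout with it, so the hook and CI use the same release. The workflow below is an added illustration of that approach, not the PR's own .github/workflows/secretlint.yml. It assumes the template pins secretlint under devDependencies, that .secretlintrc.json with the recommended preset sits at the repository root, and that the image tag scheme is "v<version>" (confirm that against the published secretlint/secretlint tags before relying on it).

```yaml
# Added example (not the PR's own workflow): run Secretlint in CI from the
# secretlint/secretlint Docker image, pinned to the version declared in
# package.json so CI and the local pre-commit hook scan with the same release.
name: secretlint

on:
  push:
    branches: [main]
  pull_request:

# Scanning needs read access only; keep the token minimal.
permissions:
  contents: read

jobs:
  secretlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Read the pinned version from devDependencies and strip a leading ^ or ~
      # so it can be used as an image tag. Assumption: tags follow "v<version>".
      - name: Resolve Secretlint version from package.json
        id: version
        run: |
          VERSION=$(node -p "require('./package.json').devDependencies.secretlint.replace(/^[\^~]/, '')")
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      # Scan the whole checkout without an npm install. The mounted workspace
      # provides .secretlintrc.json; the image is assumed to bundle secretlint
      # and the recommended preset. A non-zero exit fails the job, which is
      # what catches a commit pushed past the hook with --no-verify.
      - name: Run Secretlint
        run: |
          docker run --rm \
            -v "$PWD:$PWD" -w "$PWD" \
            "secretlint/secretlint:v${{ steps.version.outputs.version }}" \
            secretlint "**/*"
```

Pinning the image to the package.json version is the point of the exercise: a floating `latest` tag would let CI and the pre-commit hook drift apart, so a secret that one accepts might be rejected by the other, and vice versa.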

@jhnns jhnns merged commit c6588e0 into main Apr 23, 2026
3 checks passed
@jhnns jhnns deleted the add-secretlint branch April 23, 2026 15:47


Development

Successfully merging this pull request may close these issues.

Add secret detection tool like gitleaks