Skip to content

fix(ci): scope gitleaks to merge_group commit range (#327)#335

Merged
krokoko merged 1 commit into
mainfrom
fix/327-merge-group-gitleaks-range
Jun 12, 2026
Merged

fix(ci): scope gitleaks to merge_group commit range (#327)#335
krokoko merged 1 commit into
mainfrom
fix/327-merge-group-gitleaks-range

Conversation

@krokoko

@krokoko krokoko commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Fixes #336

Merge-queue runs of security-pr.yml left GITLEAKS_RANGE empty, which triggered a full-history gitleaks scan and failed on secrets living on other branches — ejecting otherwise-green PRs (e.g. #334) from the queue.

Use merge_group.base_sha..head_sha for queued merges and HEAD for manual dispatch instead of scanning all reachable refs.

Area

  • cdk — infrastructure, handlers, constructs
  • agent — Python runtime / Docker image
  • clibgagent client
  • docs — guides or design sources (docs/guides/, docs/design/)
  • tooling — root mise.toml, scripts, CI workflows

Tip: AGENTS.md lists where to edit and which tests to extend.

Related

Changes

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

@cursoragent
fix(ci): scope gitleaks to merge_group commit range (#327)
62d8b8e 
Merge-queue runs of security-pr.yml left GITLEAKS_RANGE empty, which
triggered a full-history gitleaks scan and failed on secrets living on
other branches — ejecting otherwise-green PRs (e.g. #334) from the queue.

Use merge_group.base_sha..head_sha for queued merges and HEAD for manual
dispatch instead of scanning all reachable refs.

Co-authored-by: Cursor <cursoragent@cursor.com>
@krokoko krokoko requested a review from a team as a code owner June 12, 2026 22:35
@krokoko krokoko enabled auto-merge June 12, 2026 22:38
scottschreckengaust
scottschreckengaust approved these changes Jun 12, 2026
View reviewed changes

@scottschreckengaust scottschreckengaust left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@krokoko krokoko added this pull request to the merge queue Jun 12, 2026
Merged via the queue into main with commit 20c01e4 Jun 12, 2026
8 of 9 checks passed
@krokoko krokoko deleted the fix/327-merge-group-gitleaks-range branch June 12, 2026 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scottschreckengaust scottschreckengaust scottschreckengaust approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(ci): security-pr gitleaks scans full history on merge_group, deadlocking the merge queue

2 participants

@krokoko @scottschreckengaust