Skip to content

chore: harden public repo with CI security checks#124

Merged
nkdev-tech merged 2 commits into
mainfrom
chore/public-repo-hardening
Jun 15, 2026
Merged

chore: harden public repo with CI security checks#124
nkdev-tech merged 2 commits into
mainfrom
chore/public-repo-hardening

Conversation

@nkdev-tech

@nkdev-tech nkdev-tech commented Jun 15, 2026

Copy link
Copy Markdown
Owner

概要

public化に伴うCIセキュリティ補強と、リポジトリ名変更(memetec)の反映。

変更内容

CI(セキュリティ)

  • Dependency Review (dependency-review.yml): PRで新規に入る依存の脆弱性を検出(fail-on-severity: moderate)。public repoで利用可能
  • Gitleaks (gitleaks.yml): PR・main pushでシークレット混入を検出(fetch-depth: 0 で全履歴スキャン)

いずれもアクションはSHAピン留め(pinact の検証に準拠)、permissions: contents: read の最小権限で構成。

ドキュメント / 命名

  • README の表示名を memetec に更新
  • orval のプロジェクトキーを memetec にリネーム(機能影響なし)

補足

  • gitleaks-action は User アカウントのためライセンス不要
  • GITHUB_TOKEN はGitHub Actionsが自動発行する組み込みトークンで、追加設定は不要
  • D1データベース名 techbook-log はCloudflare側のリソース名のため変更していない

🤖 Generated with Claude Code

nkdev-tech and others added 2 commits June 15, 2026 15:01
@nkdev-tech @claude
ci: add dependency review and gitleaks workflows
d6d3bb0 
public化に伴うCI補強。
- dependency-review: PRで新規依存の脆弱性を検出(fail-on-severity: moderate)
- gitleaks: PR・main pushでシークレット混入を検出(全履歴スキャン)
いずれもアクションはSHAピン留め、permissionsは contents: read の最小権限。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@nkdev-tech @claude
docs: rename project to memetec
7a44718 
リポジトリ名変更に合わせ、READMEの表示名とorvalのプロジェクトキーをmemetecに更新。

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@nkdev-tech nkdev-tech merged commit 786d813 into main Jun 15, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nkdev-tech