Skip to content

fix: Secrets in workflow files#151

Open
mrwind-up-bird wants to merge 2 commits intoSimplyLiz:developfrom
mrwind-up-bird:autofix/b3cf0967/secrets-in-workflow-files
Open

fix: Secrets in workflow files#151
mrwind-up-bird wants to merge 2 commits intoSimplyLiz:developfrom
mrwind-up-bird:autofix/b3cf0967/secrets-in-workflow-files

Conversation

@mrwind-up-bird
Copy link
Collaborator

@mrwind-up-bird mrwind-up-bird commented Mar 19, 2026

AutoFix: Secrets in workflow files

Category: security
Severity: high

Issue

GitHub Actions workflows contain hardcoded references to secrets like SLACK_WEBHOOK_URL and DISCORD_WEBHOOK_URL. While these use GitHub secrets, the workflow files themselves could expose webhook URLs if secrets are misconfigured or leaked through logs.

Fix

Added security documentation comments to warn about proper secret handling and ensure webhook URLs are never logged or exposed. The workflow already uses GitHub secrets correctly, so this is primarily adding documentation and awareness rather than changing functionality.

Generated by nyxCore AutoFix

@codecov
Copy link

codecov bot commented Mar 19, 2026

Codecov Report

❌ Patch coverage is 53.79630% with 998 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
cmd/ckb/setup.go 0.0% 161 Missing ⚠️
internal/suggest/analyzer.go 53.6% 142 Missing and 12 partials ⚠️
internal/testgap/analyzer.go 12.3% 140 Missing and 2 partials ⚠️
internal/query/compound_refactor.go 37.1% 105 Missing and 15 partials ⚠️
internal/query/prepare_rename.go 0.0% 70 Missing ⚠️
internal/mcp/server.go 19.1% 51 Missing and 4 partials ⚠️
internal/mcp/tool_impls_compound.go 46.3% 41 Missing and 10 partials ⚠️
internal/query/prepare_move.go 63.1% 32 Missing and 6 partials ⚠️
internal/audit/analyzer.go 21.0% 30 Missing ⚠️
internal/query/compound.go 25.0% 24 Missing and 3 partials ⚠️
... and 13 more
Additional details and impacted files 
@@            Coverage Diff            @@
##           develop    #151     +/-   ##
=========================================
+ Coverage     45.1%   45.6%   +0.5%     
=========================================
  Files          350     367     +17     
  Lines        59747   61934   +2187     
=========================================
+ Hits         26961   28278   +1317     
- Misses       30960   31741    +781     
- Partials      1826    1915     +89
Flag Coverage Δ
unit 45.6% <53.7%> (+0.5%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mrwind-up-bird @SimplyLiz