Commit Graph

4 Commits

Author SHA1 Message Date
pezkuwichain 35c1ed3d38 fix: trigger CI workflows on master, not just main (#39)
master is where real development happens and gets pushed to directly
(main is the auto-synced mirror) - branch protection was just added to
master requiring these exact check contexts, but the workflows only
fired for PRs/pushes targeting main, so the required checks could never
actually run for a master PR, permanently blocking every future merge.
2026-07-09 04:31:39 -07:00
pezkuwichain a4e2038aac fix: exclude "account" field from hardcoded-private-key scan (false positive)
Every account_overrides.json/chains_for_testBalance.json entry has a
32-byte hex "account" field - a public AccountId32 (Substrate's public
account identifier), not a private key. The two share the same byte
length/hex format, but are fundamentally different: one is meant to be
public (it's literally how you address a chain account), the other
must stay secret. The scanner's regex can't tell them apart and flags
every single one, which just triggered a false "Possible private key
found" failure on PR #33 (the master->main sync).

This isn't a one-off - it'll fire on every future sync PR too, since
chains_for_testBalance.json always has these fields. Left as "FAILURE"
long-term, it trains reviewers to ignore this specific check, which is
exactly the alarm-fatigue failure mode that would let a real leaked
secret slip through unnoticed.
2026-07-08 09:46:58 -07:00
pezkuwichain c6a992c4e6 fix: exclude currencyIdScale from hardcoded secrets scan 2026-02-19 06:21:20 +03:00
pezkuwichain 0aeec6b566 ci: add Code Quality and Security workflows (Python lint, JSON validation, chain integrity, secret scan) 2026-02-19 05:56:31 +03:00