fix: repo review improvements — governance docs, gitleaks, tooling#8
BreakableHoodie merged 3 commits into main from
Conversation
- Correct CODEOWNERS propagation docs: CODEOWNERS in the org .github repo does NOT apply to other org repos; each project must manage its own. Reframed guidance so organizers are not a required reviewer across the whole org.
- Add break-glass procedure for merging Copilot-authored PRs blocked by enforce_admins + Copilot-authorship restriction.
- Merge gitleaks-response.md: combined the more actionable .github/docs/ version (Quick Checklist, real-secret vs. false-positive branches) with the structured docs/ version; deleted the now-orphaned duplicate.
- Bump Gitleaks from v8.18.2 to v8.30.1.
- Add .gitleaks.toml config skeleton for per-repo false-positive allowlists.
- Add .gitignore (.DS_Store, IDE dirs, .qodo/).
- Update README.md to list the docs/ governance directory.
- Replace vestigial SECURITY.md version table with a meaningful policy-maintenance note including last-reviewed and next-review dates.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Trim to five links: website, events, Slack, feedback portal, CoLab. Removes active-projects board and schedule links per organizer preference. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 017636623b
| @@ -0,0 +1,13 @@ | |||
| title = "CivicTechWR Gitleaks Config" | |||
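Review bot: the `@@ -0,0 +1,13 @@` hunk shows only the `title = "CivicTechWR Gitleaks Config"` line of the new 13-line `.gitleaks.toml`, and as the Codex comment below points out, a custom config that declares no `[extend]` block and no `[[rules]]` replaces the built-in ruleset rather than adding to it. The file should carry `[extend]` with `useDefault = true` ahead of any allowlist, and the follow-up fix is best verified by running the pinned `gitleaks detect` against a fixture containing a known test secret and confirming it reports a finding instead of a clean pass.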
Extend default rules in `.gitleaks.toml`
This new config file is loaded automatically by `gitleaks detect --source .`, and in Gitleaks a custom config does not include built-in rules unless `[extend] useDefault = true` is set. Because this file only defines a global allowlist and no `[[rules]]` or `extend` block, scans will effectively run with no detectors and can miss real secrets while still reporting success.
Without [extend] useDefault = true, a custom Gitleaks config replaces all built-in detection rules, leaving the scanner with nothing to match against. Flagged by Codex review on PR #8. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Good catch by @chatgpt-codex-connector, fixed in 243d039. Added
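The failure mode Codex describes, shown as an added example rather than the project's own file: the weak `.gitleaks.toml` (allowlist only, no `[extend]`) beside the corrected one, plus a small section-aware check that a CI step can run before `gitleaks detect` to refuse a config that would load zero detectors. The `docs/gitleaks-response\.md` path and the `EXAMPLE_PLACEHOLDER_` regex are made-up allowlist entries; `[allowlist]` is the table name the Codex comment refers to, so it is kept here.

```shell
#!/bin/sh
# Added example, not the project's .gitleaks.toml: weak vs. corrected config,
# plus a guard that fails CI when a custom config would drop the built-in rules.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Weak: an allowlist and nothing else. With no [extend] block, Gitleaks treats
# this as a full replacement config and loads zero detection rules.
cat > "$WORK/weak.toml" <<'EOF'
title = "CivicTechWR Gitleaks Config"

[allowlist]
paths = ['''docs/gitleaks-response\.md''']
EOF

# Fixed: extend the built-in ruleset, then layer the repo's allowlist on top.
# The regex below is a made-up false-positive pattern for illustration.
cat > "$WORK/fixed.toml" <<'EOF'
title = "CivicTechWR Gitleaks Config"

[extend]
useDefault = true

[allowlist]
paths = ['''docs/gitleaks-response\.md''']
regexes = ['''EXAMPLE_PLACEHOLDER_[A-Z0-9]+''']
EOF

# Returns 0 when the config keeps detectors: either useDefault = true under
# [extend], or at least one [[rules]] table. A useDefault key in any other
# section does not count, which is why the check tracks the current section.
extends_default_rules() {
  awk '
    /^[ \t]*\[extend\][ \t]*$/ { in_extend = 1; next }
    /^[ \t]*\[/                { in_extend = 0 }
    in_extend && /^[ \t]*useDefault[ \t]*=[ \t]*true/ { ok = 1 }
    /^[ \t]*\[\[rules\]\]/     { ok = 1 }
    END { exit ok ? 0 : 1 }
  ' "$1"
}

# Prints a verdict and returns non-zero for a config that would match nothing.
check_config() {
  if extends_default_rules "$1"; then
    echo "OK: $1 keeps the built-in detectors"
    return 0
  fi
  echo "FAIL: $1 has no [extend] useDefault = true and no [[rules]]; scan would match nothing" >&2
  return 1
}

# Stand-alone run: the weak file is expected to be reported as FAIL.
check_config "$WORK/fixed.toml"
check_config "$WORK/weak.toml" || true
```

The check is deliberately a cheap syntactic guard, not a TOML parser; the authoritative test remains running the pinned Gitleaks binary against a fixture that contains a known test secret and confirming it produces a finding rather than a clean exit.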
Summary
- CODEOWNERS in the org `.github` repo does NOT propagate to other repos. Reframed guidance so each project team manages its own review gates; organizers are no longer implied as default reviewers across the whole org.
- Break-glass procedure: `enforce_admins` DELETE/POST pattern for merging Copilot-authored PRs blocked by GitHub's authorship restriction.
- Merged `gitleaks-response.md`: combined the `.github/docs/` version (Quick Checklist, real-vs-false-positive branching, exact commands) with the structured root `docs/` version; deleted the orphaned duplicate.
- `.gitleaks.toml`: config skeleton so projects can add false-positive allowlists without editing the workflow.
- `.gitignore`: suppresses `.DS_Store`, IDE dirs, `.qodo/`.
- README.md: lists the `docs/` governance directory in Contents.

Test plan
- `docs/gitleaks-response.md` is the only copy (`.github/docs/` version deleted)

🤖 Generated with Claude Code
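The `enforce_admins` DELETE/POST break-glass pattern the summary refers to, written out as an added example and not the procedure the PR documents. It assumes the `gh` CLI is authenticated as a repository admin, uses placeholder `example-org`/`example-repo` names, and defaults to `DRY_RUN=1` so it prints the calls instead of making them. The point it adds is that the POST restoring admin enforcement runs from an EXIT trap, so a failed merge cannot leave the branch unprotected.

```shell
#!/bin/sh
# Added example (not the project's documented break-glass procedure):
# lift enforce_admins on a protected branch, merge one PR, restore it.
set -eu

OWNER="${OWNER:-example-org}"     # placeholder (assumption)
REPO="${REPO:-example-repo}"      # placeholder (assumption)
BRANCH="${BRANCH:-main}"
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the calls, 0 = make them

# REST path for admin enforcement on a protected branch:
# DELETE disables "include administrators", POST re-enables it.
enforce_admins_path() {
  printf 'repos/%s/%s/branches/%s/protection/enforce_admins' "$1" "$2" "$3"
}

# Thin wrapper so the flow can be exercised without credentials.
gh_call() {  # $1 HTTP method, $2 API path
  if [ "$DRY_RUN" = 1 ]; then
    printf 'DRY-RUN: gh api -X %s %s\n' "$1" "$2"
  else
    gh api -X "$1" "$2" >/dev/null
  fi
}

restore_enforce_admins() {
  gh_call POST "$(enforce_admins_path "$OWNER" "$REPO" "$BRANCH")"
}

# The EXIT trap guarantees the POST runs even if the merge step fails under
# set -e, so the branch is never left with admin enforcement switched off.
break_glass_merge() {  # $1 PR number
  trap restore_enforce_admins EXIT
  gh_call DELETE "$(enforce_admins_path "$OWNER" "$REPO" "$BRANCH")"
  if [ "$DRY_RUN" = 1 ]; then
    printf 'DRY-RUN: gh pr merge %s --squash\n' "$1"
  else
    gh pr merge "$1" --squash
  fi
  trap - EXIT
  restore_enforce_admins
}

# Stand-alone use: sh break-glass.sh <pr-number>
if [ -n "${1:-}" ]; then
  break_glass_merge "$1"
fi
```

Run it once with the default `DRY_RUN=1` to see the exact three calls it will make, then with `DRY_RUN=0 OWNER=... REPO=... sh break-glass.sh <pr-number>`. Because the window between the DELETE and the POST is the whole point of the control being lifted, keep it to a single PR and record who ran it and why on the PR itself.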