### Description
The action currently generates a suggestion block intended to let users create or update the `.infisicalignore` file directly from the pull request comment when secrets are detected.
However, GitHub only renders commit suggestion buttons inside pull request review comments, not inside regular PR comments. Because the action posts a normal PR comment, the suggestion block is displayed as plain markdown instead of an actionable commit suggestion.
This affects versions:
The intended behavior is to generate a pull request review suggestion so contributors can apply ignore fingerprints directly from the PR UI.
This issue tracks the implementation of review-based suggestions planned for the next release (target: v5.0.3).
### Expected behavior
When leaked secrets are detected:
- the action should generate a pull request review suggestion
- the suggestion should target `.infisicalignore`
- GitHub should display a commit suggestion button
- users should be able to apply the ignore fingerprints directly from the PR interface
### Current behavior
- the suggestion block is generated
- the suggestion block appears inside a normal PR comment
- GitHub does not render a commit suggestion button
- users must manually copy the fingerprints into `.infisicalignore`
### Proposed solution
Update the workflow to:
- create a pull request review instead of a standard PR comment
- attach the suggestion block to the review body
- ensure duplicate suggestions are avoided on workflow re-runs
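A minimal implementation of this approach, added here as an example rather than the action's own code: it posts the suggestion as an inline review comment on `.infisicalignore` (GitHub renders the commit button only on review comments attached to diff lines) and checks for an earlier comment carrying a marker so a workflow re-run does not post a second one. It assumes an Octokit-style client such as the `github` object in `actions/github-script`, that `.infisicalignore` is part of the PR diff, and `MARKER` is a hypothetical tag, not something the action defines.

```javascript
// Added example, not the action's own code: post the .infisicalignore suggestion
// as an inline PR review comment and skip it on re-runs. Assumes an Octokit-like
// client and that .infisicalignore is in the PR diff; MARKER is a hypothetical tag.
const IGNORE_PATH = ".infisicalignore";
const MARKER = "<!-- infisical-ignore-suggestion -->";
const FENCE = "`".repeat(3);

// Merge the fingerprints the action reports ("commit:path:rule:line") with the
// file's current lines, dedupe, and wrap the result in a GitHub suggestion block.
function buildSuggestionBody(existingLines, fingerprints) {
  const merged = [...new Set([...existingLines, ...fingerprints])].filter(Boolean).sort();
  return [
    MARKER,
    "> [!TIP]",
    "> You can commit the fingerprint list below to create or update `" + IGNORE_PATH + "`:",
    FENCE + "suggestion",
    ...merged,
    FENCE,
  ].join("\n");
}

// A workflow re-run must not post a second suggestion: look for our marker on the file.
function hasExistingSuggestion(comments) {
  return comments.some((c) => c.path === IGNORE_PATH && typeof c.body === "string" && c.body.includes(MARKER));
}

// One inline review comment spanning lines 1..N of the file, so applying the
// suggestion replaces the whole current content with the merged list.
async function postIgnoreSuggestion(octokit, { owner, repo, pull_number, commit_id, fingerprints, existingLines = [] }) {
  const { data: comments } = await octokit.rest.pulls.listReviewComments({ owner, repo, pull_number });
  if (hasExistingSuggestion(comments)) return { skipped: true };
  const lastLine = Math.max(existingLines.length, 1);
  const params = { owner, repo, pull_number, commit_id, path: IGNORE_PATH, side: "RIGHT", line: lastLine,
    body: buildSuggestionBody(existingLines, fingerprints) };
  if (lastLine > 1) Object.assign(params, { start_line: 1, start_side: "RIGHT" }); // multi-line suggestion
  const { data } = await octokit.rest.pulls.createReviewComment(params);
  return { skipped: false, id: data.id };
}

// Constructed stand-in for Octokit so the example runs offline; it records each call.
function fakeOctokit(existingComments) {
  const calls = [];
  return { calls, rest: { pulls: {
    listReviewComments: async () => ({ data: existingComments }),
    createReviewComment: async (p) => { calls.push(p); return { data: { id: calls.length } }; },
  } } };
}
```

In a real workflow, `existingLines` would come from reading `.infisicalignore` at the PR head commit, and `commit_id` from `context.payload.pull_request.head.sha`.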
### Acceptance criteria
- `.infisicalignore` is created if missing
### Logs
Here is a simple example that should trigger the suggestion button:
> [!TIP]
> You can commit the fingerprint list below to automatically create or update `.infisicalignore`:
```suggestion: .infisicalignore
04bb43f9ea82d8b1fcc3446ad101b583c0681950:Src/VisualizadorDePedidos/App_Start/Bootstrapper.cs:generic-api-key:98
1fef482e4c472755e41574b8267e67b56b07d985:Src/VisualizadorDePedidos/App_Start/Bootstrapper.cs:generic-api-key:67
1fef482e4c472755e41574b8267e67b56b07d985:Src/VisualizadorDePedidos/Views/Shared/_Layout.cshtml:generic-api-key:88
2736cc1edba6d86651db91698e4ad02207a75f11:VisualizadorDePedidos.Domain/Configuration/ISFWConfiguration.cs:generic-api-key:23
5c9e57a7dda8e50ccb7e5f28ac58448f237747b7:VisualizadorDePedidos/App_Start/BootStrapper.cs:generic-api-key:72
5c9e57a7dda8e50ccb7e5f28ac58448f237747b7:VisualizadorDePedidos/Views/Shared/_Layout.cshtml:generic-api-key:258
e07fd90f0ff730d6d0ff643a5cb50a4167714c9b:VisualizadorDePedidos/App_Start/Bootstrapper.cs:generic-api-key:74
e962fb8df6d549efc31d70f6fb00d6bf8faa7b29:NuGet.Config:github-pat:11
e962fb8df6d549efc31d70f6fb00d6bf8faa7b29:NuGet.Config:nuget-config-password:11
```
### Screenshots
![Image](https://github.com/user-attachments/assets/058d9d5e-a79d-4b00-80ca-43fd1fd92a44)