41 changes: 40 additions & 1 deletion action.yml
Expand Up @@ -278,6 +278,43 @@ runs:
with:
path: fingerprint.txt

- name: Check if .infisicalignore exists
id: ignorefile
shell: bash
if: env.SECRETS_FOUND == 'true'
run: |
if [[ -f ".infisicalignore" ]]; then
echo "exists=true" >> $GITHUB_OUTPUT
else
echo "exists=false" >> $GITHUB_OUTPUT
fi

- name: Prepare ignore file suggestion
id: ignore_suggestion
shell: bash
if: env.SECRETS_FOUND == 'true'
run: |
echo "Preparing suggestion block..."

if [[ "${{ steps.ignorefile.outputs.exists }}" == "true" ]]; then
echo "Appending fingerprints to existing .infisicalignore"
cat .infisicalignore > new-ignorefile.txt
echo "" >> new-ignorefile.txt
cat fingerprint.txt >> new-ignorefile.txt
else
echo "Creating new .infisicalignore"
cat fingerprint.txt > new-ignorefile.txt
fi

# Remove duplicates (optional improvement)
sort -u new-ignorefile.txt -o new-ignorefile.txt

echo "suggestion<<EOF" >> $GITHUB_OUTPUT
echo '```suggestion:.infisicalignore' >> $GITHUB_OUTPUT
suggestion: GitHub suggestion blocks don’t support specifying a filename, which may prevent this from rendering as an apply‑patch suggestion.

GitHub expects the marker to be exactly `` ```suggestion `` followed by the replacement text and then `` ``` `` on its own line. The `:.infisicalignore` suffix isn’t supported and will cause a plain code block instead of an interactive suggestion. To fix this, update the line to:

echo '```suggestion' >> $GITHUB_OUTPUT

so the output is treated as an apply‑patch suggestion.

Suggested change
echo '```suggestion:.infisicalignore' >> $GITHUB_OUTPUT
echo '```suggestion' >> $GITHUB_OUTPUT

cat new-ignorefile.txt >> $GITHUB_OUTPUT
echo '```' >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- name: Update PR with comment (success)
uses: mshick/add-pr-comment@v3
if: env.SCAN_RAN == 'true' && env.SECRETS_FOUND == 'false' && env.FORKED == 'false' && inputs.ADD_COMMENT == 'true'
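Review bot: `sort -u new-ignorefile.txt -o new-ignorefile.txt` in the "Prepare ignore file suggestion" step does more than remove duplicates: it re-sorts every line of the user's existing `.infisicalignore` alphabetically and collapses repeated blank or comment lines, so the block offered to the user is a reordered replacement of the whole file rather than the "Appending fingerprints to existing .infisicalignore" that the echo message promises. Deduplicate only the new entries against the current file and append them after the original contents, for example `grep -vxFf .infisicalignore fingerprint.txt >> new-ignorefile.txt` in the "exists" branch. Separately, `mshick/add-pr-comment` creates an issue comment, not a line-level pull request review comment, and GitHub shows the "Apply suggestion" button only in review comments attached to a diff line of the pull request, so even with the `:.infisicalignore` suffix removed this will render as a plain code block; if one-click apply is the goal the block has to go into a review comment, otherwise the wording in the TIP should say "copy the block below". Finally, the fixed `EOF` heredoc delimiter and the closing backtick fence assume no fingerprint line is ever literally `EOF` or a backtick fence; a per-run delimiter such as `delim=$(openssl rand -hex 8)` removes the first of those collisions.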
Expand Down Expand Up @@ -343,7 +380,9 @@ runs:
</details>

> [!TIP]
> If you want to ignore these leaked secrets, add the above **fingerprint** content to a file named `.infisicalignore` at the repository root level.
> You can commit the fingerprint list below to automatically create or update `.infisicalignore`:

${{ steps.ignore_suggestion.outputs.suggestion }}

- name: Update PR with comment (tool failure)
uses: mshick/add-pr-comment@v3
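Review bot: the two lines of the TIP now give conflicting instructions: the first still tells the user to hand-copy the fingerprint content "above" into `.infisicalignore`, while the new second line says to commit the list "below". Keep one instruction; since the `${{ steps.ignore_suggestion.outputs.suggestion }}` expansion sits outside the `>` blockquote, it renders after the TIP callout rather than inside it, so "the block after this tip" would be the accurate wording. This comment step's `if:` condition is not in the hunk; if it can run when `SECRETS_FOUND` is not `'true'`, the `ignore_suggestion` step is skipped and the expression expands to an empty string, leaving the TIP ending in a dangling colon, so either guard this line on the same condition or document that the step only runs when secrets were found.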