[BUG]: Example RSA Private Key triggers Secret Blocker precommit-hook

octokit / openapi-types.ts

Generated TypeScript definitions based on GitHub's OpenAPI spec

MIT License

37 stars 10 forks source link

[BUG]: Example RSA Private Key triggers Secret Blocker precommit-hook #426

Open timreibe opened 3 weeks ago

timreibe commented 3 weeks ago

What happened?

While building a private action, the commit was blocked by our secret blocker. The secret blocker was triggered by the example RSA Private key in file types.d.ts (line 9570 and 11702).

/** @example "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIB

Versions

@octokit/openapi-types version 22.2.0

installed with

npm install @actions/core
npm install @actions/github

Using node v20.14.0

Relevant log output

No response

Code of Conduct

[X] I agree to follow this project's Code of Conduct

github-actions[bot] commented 3 weeks ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

gr2m commented 3 weeks ago

Hmm interesting bug 😁 These files are generated, we do not write any of them manually. They are based on the files at https://github.com/github/rest-api-description, could you please file an issue there?

For what it's worth, I think your secret blocker should ignore comments 🤔 I wonder how GitHub is handling this with its own secret scanners