From 8a021bf8b0b847c57bb95eb328b6470ba7fd2429 Mon Sep 17 00:00:00 2001
From: ruben-cytonic <ruben@cytonic.com>
Date: Wed, 11 Feb 2026 12:03:18 +0000
Subject: [PATCH] chore(ci): remove gitleaks secret detection workflow

GitHub's built-in secret scanning covers this. Removes the gitleaks job
from the security workflow and cleans up the .gitleaks.toml reference
from auto-label.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/auto-label.yml |  1 -
 .github/workflows/security.yml   | 15 ---------------
 2 files changed, 16 deletions(-)

diff --git a/.github/workflows/auto-label.yml b/.github/workflows/auto-label.yml
index 912ea88..bd7dee5 100644
--- a/.github/workflows/auto-label.yml
+++ b/.github/workflows/auto-label.yml
@@ -34,7 +34,6 @@ jobs:
               - '.github/workflows/security.yml'
               - '.coderabbit.yaml'
               - 'SECURITY.md'
-              - '.gitleaks.toml'
             config:
               - 'package.json'
               - 'tsconfig.json'
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 317df52..5b84dcd 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -55,21 +55,6 @@ jobs:
         with:
           config-file: './.github/dependency-review-config.yml'
 
-  # Secret scanning with Gitleaks
-  gitleaks:
-    name: Secret Detection
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Gitleaks Scan
-        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   # OSSF Scorecard for supply chain security
   scorecard:
     name: OSSF Scorecard