Skip to content

chore(betterleaks): bump v1.2.0 to v1.3.0#40

Merged
dkastl merged 1 commit into
mainfrom
chore/betterleaks-v1.3.0
May 22, 2026
Merged

chore(betterleaks): bump v1.2.0 to v1.3.0#40
dkastl merged 1 commit into
mainfrom
chore/betterleaks-v1.3.0

Conversation

@dkastl

@dkastl dkastl commented May 22, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

Bumps the pinned betterleaks version in both org-wide call sites in this repo from v1.2.0 to v1.3.0:

  • .github/workflows/reusable-secret-leak-check.yml: default betterleaks-image input pinned to the v1.3.0 image digest (sha256:7770e01586febef62452a4042c8c658a5db3e354ecefd36a97c0f322616acab8).
  • betterleaks/.pre-commit-config.example.yaml: rev: v1.3.0 so freshly-installed pre-commit hooks match the per-PR scanner.

Upstream release: https://github.com/betterleaks/betterleaks/releases/tag/v1.3.0 (published 2026-05-20, currently marked isLatest).

Out of scope

The org-wide config (betterleaks/default.toml) is version-agnostic and stays put.

A companion PR in geolonia-operations will bump the weekly cron workflow and the handbook docs, and close the upstream-release tracking issue geolonia-operations#95.

Test plan

  • Manual review of the diff
  • CodeRabbit review
  • After merge, next per-PR Secret Leak Check workflow run uses the v1.3.0 image
  • A freshly-installed .pre-commit-config.example.yaml instance resolves to the v1.3.0 hook

Summary by CodeRabbit

  • Chores
    • Updated secret leak detection tools to version 1.3.0 across continuous integration workflows and local development configurations for consistency.

Review Change Stack

@dkastl
chore(betterleaks): bump v1.2.0 to v1.3.0
95b2795 
Updates both call sites in this repo:

- .github/workflows/reusable-secret-leak-check.yml: default
  `betterleaks-image` input pinned to v1.3.0 digest
  (sha256:7770e01586febef62452a4042c8c658a5db3e354ecefd36a97c0f322616acab8).
- betterleaks/.pre-commit-config.example.yaml: `rev` bumped to v1.3.0
  so newly-installed pre-commit hooks match the per-PR scanner.

Upstream release: https://github.com/betterleaks/betterleaks/releases/tag/v1.3.0
(published 2026-05-20).

The org-wide config (betterleaks/default.toml) is version-agnostic
and needs no change.

A companion PR in geolonia-operations bumps the weekly cron and the
handbook docs.
@coderabbitai

coderabbitai Bot commented May 22, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2b7f6746-83b8-4f3f-a918-f7ef17e6129b

📥 Commits

Reviewing files that changed from the base of the PR and between 997dac2 and 95b2795.

📒 Files selected for processing (2)
  • .github/workflows/reusable-secret-leak-check.yml
  • betterleaks/.pre-commit-config.example.yaml

Walkthrough

This PR updates the betterleaks secret leak detection tool from v1.2.0 to v1.3.0 in two places: the GitHub Actions workflow's pinned container image digest and the example pre-commit configuration hook revision.

Changes

Betterleaks Version Upgrade

Layer / File(s) Summary
Update betterleaks version pins
.github/workflows/reusable-secret-leak-check.yml, betterleaks/.pre-commit-config.example.yaml		 The betterleaks container image digest (v1.2.0 → v1.3.0) and pre-commit hook revision (v1.2.0 → v1.3.0) are synchronized to the same release version across both integration points.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

  • geolonia/geolonia-operations#95: Directly addresses the upstream betterleaks v1.3.0 release by updating workflow and pre-commit tool pins.
  • geolonia/geolonia-operations#79: Related through shared betterleaks version pinning updates across workflow and pre-commit integration points.

Possibly related PRs

  • geolonia/.github#38: Both PRs modify betterleaks version pins but in different integration points (workflow vs. pre-commit config).
  • geolonia/.github#24: The retrieved PR initially added the reusable-secret-leak-check.yml workflow that this PR now updates with the v1.3.0 container digest.
  • geolonia/.github#34: Both PRs touch the secret leak check setup by modifying the betterleaks-pinned workflow configuration.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: bumping betterleaks from v1.2.0 to v1.3.0 across the repository's configuration files.
Description check ✅ Passed The description comprehensively covers the changes, includes specific file locations, upstream release links, scope clarifications, and a detailed test plan, aligning well with the template.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/betterleaks-v1.3.0

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented May 22, 2026

Copy link
Copy Markdown

Secret Leak Check

OK No secrets detected in this PR's diff.

@dkastl dkastl merged commit d29c964 into main May 22, 2026
2 checks passed
@dkastl dkastl deleted the chore/betterleaks-v1.3.0 branch May 22, 2026 07:12
This was referenced May 24, 2026
Closed
Merged
dkastl added a commit that referenced this pull request May 24, 2026
@dkastl
chore(betterleaks): bump v1.3.0 to v1.3.1 (#42)
eee5e1c 
Upstream release:
https://github.com/betterleaks/betterleaks/releases/tag/v1.3.1

- .github/workflows/reusable-secret-leak-check.yml: default
  betterleaks-image digest pinned to v1.3.1
  (sha256:0ea9c1f011aa085efd9b27a195f5b70feb91a56fcbbdb8809a345caaf2c7d961).
- betterleaks/.pre-commit-config.example.yaml: rev bumped so local
  pre-commit and per-PR CI keep using the same rule shapes.

Companion to geolonia/geolonia-operations#107 which bumps the weekly
org-wide audit. Mirrors the v1.2.0 -> v1.3.0 split (this repo #40 +
operations #103).

Closes #41.
@coderabbitai coderabbitai Bot mentioned this pull request May 24, 2026
Merged
4 tasks
@coderabbitai coderabbitai Bot mentioned this pull request Jun 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dkastl