fix: Update GitHub Actions security check to validate correct files

- Check secrets.local.dart (contains API keys) instead of secrets.dart (routing only) - Add grep check for hardcoded API key patterns in source code Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-16 09:37:34 +09:00 · 2026-02-16 09:37:34 +09:00 · 234048e487
parent 4aeda91d10
commit 234048e487
1 changed files with 10 additions and 5 deletions
--- a/.github/workflows/quality_check.yml
+++ b/.github/workflows/quality_check.yml
@ -31,14 +31,19 @@ jobs:
      - name: Analyze code
        run: flutter analyze --no-fatal-infos --no-fatal-warnings

-      - name: Check for secrets.dart
+      - name: Check for secret files
        run: |
-          if [ -f "lib/secrets.dart" ]; then
-            echo "⚠️ Warning: secrets.dart found in repository!"
-            echo "This file should be in .gitignore"
+          if [ -f "lib/secrets.local.dart" ]; then
+            echo "secrets.local.dart found in repository! This file contains API keys and must not be committed."
            exit 1
          else
-            echo "✅ secrets.dart is properly excluded"
+            echo "secrets.local.dart is properly excluded"
+          fi
+          if grep -r "AIzaSy" lib/ --include="*.dart" 2>/dev/null; then
+            echo "Possible API key found in source code!"
+            exit 1
+          else
+            echo "No API keys found in source code"
          fi

      - name: Run tests (if exist)