From 234048e48717911877c1a4ff0c71efb0c9e606f7 Mon Sep 17 00:00:00 2001 From: Ponshu Developer Date: Mon, 16 Feb 2026 09:37:34 +0900 Subject: [PATCH] fix: Update GitHub Actions security check to validate correct files - Check secrets.local.dart (contains API keys) instead of secrets.dart (routing only) - Add grep check for hardcoded API key patterns in source code Co-authored-by: Cursor --- .github/workflows/quality_check.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/quality_check.yml b/.github/workflows/quality_check.yml index fe9b732..a3510e9 100644 --- a/.github/workflows/quality_check.yml +++ b/.github/workflows/quality_check.yml @@ -31,14 +31,19 @@ jobs: - name: Analyze code run: flutter analyze --no-fatal-infos --no-fatal-warnings - - name: Check for secrets.dart + - name: Check for secret files run: | - if [ -f "lib/secrets.dart" ]; then - echo "⚠️ Warning: secrets.dart found in repository!" - echo "This file should be in .gitignore" + if [ -f "lib/secrets.local.dart" ]; then + echo "secrets.local.dart found in repository! This file contains API keys and must not be committed." exit 1 else - echo "✅ secrets.dart is properly excluded" + echo "secrets.local.dart is properly excluded" + fi + if grep -r "AIzaSy" lib/ --include="*.dart" 2>/dev/null; then + echo "Possible API key found in source code!" + exit 1 + else + echo "No API keys found in source code" fi - name: Run tests (if exist)
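Review bot: The added `grep -r "AIzaSy" lib/ --include="*.dart" 2>/dev/null` in the "Check for secret files" step writes every matching line to the job log, so a committed key is copied into the workflow output and stays readable there independently of the repository. Using `if grep -rl "AIzaSy" lib/ --include="*.dart"; then` reports only the file names. Dropping `2>/dev/null` matters too: with stderr discarded, a grep error (exit status 2, for example a missing or unreadable `lib/`) falls into the `else` branch and the step prints "No API keys found in source code". The pattern matches only the `AIzaSy` prefix in `*.dart` files under `lib/`, so a comment such as `# Only detects AIzaSy-prefixed keys in lib/**/*.dart; not a general secret scan` would stop the step being read as full coverage. The rest of the job lies outside this hunk.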