fix: Check git-tracked status instead of file existence for secrets check

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-16 09:58:30 +09:00 · 2026-02-16 09:58:30 +09:00 · e6e45ffca4
parent f75549ab9a
commit e6e45ffca4
1 changed files with 3 additions and 3 deletions
--- a/.github/workflows/quality_check.yml
+++ b/.github/workflows/quality_check.yml
@ -36,11 +36,11 @@ jobs:

      - name: Check for secret files
        run: |
-          if [ -f "lib/secrets.local.dart" ]; then
-            echo "secrets.local.dart found in repository! This file contains API keys and must not be committed."
+          if git ls-files --error-unmatch lib/secrets.local.dart 2>/dev/null; then
+            echo "ERROR: secrets.local.dart is tracked by git! This file contains API keys and must not be committed."
            exit 1
          else
-            echo "secrets.local.dart is properly excluded"
+            echo "secrets.local.dart is properly excluded from git tracking"
          fi
          if grep -r "AIzaSy" lib/ --include="*.dart" 2>/dev/null; then
            echo "Possible API key found in source code!"