From 3a33b7f5eced122c668040dc23affad4c8c85556 Mon Sep 17 00:00:00 2001
From: Shaishav Pidadi <shaivpidadi@gmail.com>
Date: Fri, 24 Apr 2026 19:23:57 -0400
Subject: [PATCH] ci: remove gitleaks secret-scan job (ADR-001)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ADR-001 mandates GitHub-native secret scanning only — never gitleaks
or alternatives. GitHub native secret scanning remains enabled at the
repo level and covers this surface.

Refs: GOV-1865
---
 .github/workflows/ci.yml | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 88f6de2..be5796f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -66,15 +66,3 @@ jobs:
 
       - name: pytest with coverage (≥80% required)
         run: pytest tests/ -v --tb=short --cov=app --cov-report=term-missing --cov-fail-under=80
-
-  secret-scan:
-    name: Secret Scan
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}