
Harden workflow security, enhance .gitignore, and add status badges #11

Draft
Copilot wants to merge 3 commits into master from copilot/configure-git-workflows-badge


Copilot AI commented Feb 13, 2026

Implements security hardening for GitHub Actions workflows, comprehensive .gitignore patterns for sensitive data, and adds workflow status visibility.

Security Enhancements

Workflow Permissions

  • Added explicit permissions: contents: read to CI workflow
  • Granular job-level permissions in wiki-management workflow
  • All workflows now follow principle of least privilege

API Key Handling

Before:

curl -s "${api_url}&apikey=${{ secrets.ETHERSCAN_API_KEY }}"

After:

env:
  ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
run: |
  curl -s "${api_url}&apikey=${ETHERSCAN_API_KEY}"

Environment variable usage enables GitHub's automatic secret masking and reduces process listing exposure.

Enhanced .gitignore

  • 12 categorized security sections (cryptographic material, cloud credentials, wallet files)
  • Bitcoin-specific patterns: wallet.dat, peers.dat, chainstate/, mempool.dat
  • Extended key formats: ECDSA, Ed25519, GPG, PGP
  • Cloud provider credentials: AWS, Azure, GCP
  • Lock file policy guidance

Visibility

Added workflow status badges to README:

  • CI
  • Etherscan API Integration
  • Wiki Management

Files Changed

  • .gitignore: +222 lines (reorganized with security categories)
  • .github/workflows/: Explicit permissions, safer secret handling
  • README.md: Status badges

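A way to check other workflow files for the two issues this pull request addresses, as an added example that is not part of the PR or the repository: GitHub substitutes `${{ ... }}` expressions into the script text before the shell runs, so the check flags secrets referenced inside `run:` scripts and workflows with no `permissions:` key. The function name, rule names and both sample workflows are constructed for illustration, and the scan is a line-based heuristic rather than a full YAML parser.

```python
import re
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")
PERMS = re.compile(r"^\s*permissions:", re.MULTILINE)

# Constructed sample workflows built around the page's before/after snippets.
BEFORE = """\
on: push
jobs:
  query:
    runs-on: ubuntu-latest
    steps:
      - run: |
          curl -s "${api_url}&apikey=${{ secrets.ETHERSCAN_API_KEY }}"
"""
AFTER = """\
on: push
permissions:
  contents: read
jobs:
  query:
    runs-on: ubuntu-latest
    steps:
      - env:
          ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
        run: |
          curl -s "${api_url}&apikey=${ETHERSCAN_API_KEY}"
"""

def audit_workflow(text):
    """Return findings for one workflow file as (line_no, rule, detail) tuples."""
    findings = []
    if not PERMS.search(text):
        findings.append((0, "no-permissions", "no explicit permissions: block"))
    block_col = None  # column of the `run` key while inside a block scalar
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if block_col is not None and line.strip() and indent <= block_col:
            block_col = None  # a dedent ends the run script
        m = RUN_KEY.match(line) if block_col is None else None
        if m and m.group(2)[:1] in ("|", ">"):
            block_col = len(m.group(1))  # block scalar starts; body follows
            continue
        # Only script text is scanned; secrets in env: mappings are not flagged.
        script = m.group(2) if m else (line if block_col is not None else "")
        for name in SECRET.findall(script):
            findings.append((no, "secret-in-run", name))
    return findings
```
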

Copilot AI and others added 2 commits February 13, 2026 14:23
- Enhanced .gitignore with comprehensive security best practices
- Added workflow status badges to README.md
- Improved workflow security with explicit permissions
- Moved API key to environment variable for safer handling
- Added detailed security comments and categories to .gitignore

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>

- Improved lock file documentation in .gitignore with clear guidance
- Clarified workflow permissions comment in wiki-management.yml
- Addressed code review feedback

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Configure workflows and git badge for bitcoin creator" to "Harden workflow security, enhance .gitignore, and add status badges" on Feb 13, 2026