Fix wiki-management.yml: Exclude markdown code blocks from credential scanning

[Copilot]

The wiki-management.yml workflow fails on Private-Data-Handling.md because it detects example credentials in code blocks (e.g., api_key = "sk_live_1234567890abcdef") meant to demonstrate bad practices.

Changes

• Credential scanner: Strip markdown code blocks (```) before scanning using awk

  • Preserves directory structure when creating temp files to avoid collisions
  • Malformed blocks (odd number of markers) still get scanned
  • Inline code and indented blocks remain in scan scope

• Workflow triggers: Add workflow file path to pull_request.paths so changes to the workflow itself trigger runs

Approach

# Process each markdown file and strip code blocks
find wiki/ -name "*.md" -type f | while read -r file; do
  relative_path="${file#wiki/}"
  cleaned_file="$TEMP_DIR/$relative_path"
  mkdir -p "$(dirname "$cleaned_file")"
  
  awk '
    BEGIN { in_code_block = 0 }
    /^```/ { in_code_block = !in_code_block; next }
    !in_code_block { print }
  ' "$file" > "$cleaned_file"
done

# Scan cleaned files for patterns
grep -rniE "$pattern" "$TEMP_DIR"

Real credentials outside code blocks are still detected. Documentation examples in code blocks are excluded.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.