Skip to content

Commit bca2e70

Browse files
committed
chore(gitignore): production-hardening patterns
Adds the credential + cache + coverage patterns that were either missing or scattered across the existing .gitignore. Specifically: - *.pem / *.key / *.p12 / *.pfx / credentials*.json / secrets/ — never commit auth material to a public SDK repo. - _deps/ / build-*/ — explicit (build/ already covered the common case but downstream FetchContent + multi-config layouts can land these outside build/). - *.gcov / *.gcda / *.gcno / *.profraw / *.profdata / coverage/ — coverage instrumentation output. - .DS_Store / Thumbs.db — OS noise from cross-platform contributors. Idempotent: gated by a 'Production-hardening patterns' sentinel comment so re-running the patch script is safe.
1 parent 91f53ca commit bca2e70

1 file changed

Lines changed: 34 additions & 0 deletions

File tree

.gitignore

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,37 @@ Thumbs.db
1818
# Env
1919
.env
2020
*.pem
21+
22+
# === Production-hardening patterns (added 2026-05-02) ===
23+
# Credentials — never commit secrets to a public SDK
24+
*.pem
25+
*.key
26+
*.p12
27+
*.pfx
28+
credentials.json
29+
credentials*.json
30+
secrets/
31+
service-account*.json
32+
gha-secrets.txt
33+
34+
# Build cache
35+
_deps/
36+
build-*/
37+
38+
# Coverage + analysis artifacts
39+
*.gcov
40+
*.gcda
41+
*.gcno
42+
coverage/
43+
*.profraw
44+
*.profdata
45+
46+
# Sanitizer / valgrind output
47+
asan.log
48+
ubsan.log
49+
*.callgrind
50+
*.cachegrind
51+
52+
# OS noise
53+
.DS_Store
54+
Thumbs.db

0 commit comments

Comments
 (0)