From 31364f3995043dafb8a74b9f5416c99152a99bb7 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Fri, 28 Feb 2025 09:29:15 +0100 Subject: [PATCH 1/2] Improve the gitleaks configuration --- .gitleaks.toml | 14 +++++++++----- modules/mcg-deploying-mcg-pattern.adoc | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitleaks.toml b/.gitleaks.toml index 6c652a062..0828c5557 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -1,6 +1,10 @@ -[whitelist] -# As of v4, gitleaks only matches against filename, not path in the -# files directive. Leaving content for backwards compatibility. -files = [ - "secrets/*", +[allowlist] +paths = + '''.*\.html$''', +] + +regexes = [ + # Ignore lines containing these + '''oc login''', + '''sha256~AUv_4DGQoFMVzmdO3cg3v4vnUuaV3lYcy6N2SCwVOz4''', ] diff --git a/modules/mcg-deploying-mcg-pattern.adoc b/modules/mcg-deploying-mcg-pattern.adoc index 316726e12..e291274d3 100644 --- a/modules/mcg-deploying-mcg-pattern.adoc +++ b/modules/mcg-deploying-mcg-pattern.adoc @@ -249,7 +249,7 @@ $ cd /path/to/your/repository + [source,terminal] ---- -$ oc login --token=sha256~AUv_4DGQoFMVzmdO3cg3v4vnUuaV3lYcy6N2SCwVOz4 --server=https://api..:6443 +$ oc login --token= --server=https://api..:6443 ---- . Alternatively log in by running the following command: From 2b9e2b8e6eca55b5810551fc4732a123f643557a Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Fri, 28 Feb 2025 09:39:49 +0100 Subject: [PATCH 2/2] Add a gitleaks super-linter action --- .github/linters/.gitleaks.toml | 11 +++++++++++ .github/workflows/superlinter.yml | 30 ++++++++++++++++++++++++++++++ .gitleaks.toml | 11 +---------- Makefile | 10 ++++++++++ 4 files changed, 52 insertions(+), 10 deletions(-) create mode 100644 .github/linters/.gitleaks.toml create mode 100644 .github/workflows/superlinter.yml mode change 100644 => 120000 .gitleaks.toml 
diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml
new file mode 100644
index 000000000..70b45769f
--- /dev/null
+++ b/.github/linters/.gitleaks.toml
@@ -0,0 +1,11 @@
+[allowlist]
+paths = [
+ '''.*\.html$''',
+ '''content\/patterns\/ansible-edge-gitops-kasten\/ideas-for-customization\.md''',
+]
+
+regexes = [
+ # Ignore lines containing these
+ '''oc login''',
+ '''sha256~AUv_4DGQoFMVzmdO3cg3v4vnUuaV3lYcy6N2SCwVOz4''',
+]
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
new file mode 100644
index 000000000..30e93f007
--- /dev/null
+++ b/.github/workflows/superlinter.yml
@@ -0,0 +1,30 @@
+---
+name: Super linter
+
+on: [push, pull_request]
+
+jobs:
+ build:
+ # Name the Job
+ name: Super linter
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ # Full git history is needed to get a proper list of changed files within `super-linter`
+ fetch-depth: 0
+
+ ################################
+ # Run Linter against code base #
+ ################################
+ - name: Lint Code Base
+ uses: super-linter/super-linter/slim@v7
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ DEFAULT_BRANCH: main
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # These are the validation we disable atm
+ VALIDATE_GITLEAKS: true
diff --git a/.gitleaks.toml b/.gitleaks.toml
deleted file mode 100644
index 0828c5557..000000000
--- a/.gitleaks.toml
+++ /dev/null
@@ -1,10 +0,0 @@
-[allowlist]
-paths =
- '''.*\.html$''',
-]
-
-regexes = [
- # Ignore lines containing these
- '''oc login''',
- '''sha256~AUv_4DGQoFMVzmdO3cg3v4vnUuaV3lYcy6N2SCwVOz4''',
-]
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 120000
index 000000000..c05303b9e
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1 @@
+.github/linters/.gitleaks.toml
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 8393bb3fd..2e04644e7 100644
--- a/Makefile
+++ b/Makefile
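Review bot: The `'''oc login'''` entry in `regexes` is a blanket exemption — any line carrying that text is never reported, so a real token pasted back into an `oc login --token=...` example (the very leak the first patch scrubbed from the adoc) would be silently ignored. Gitleaks also matches allowlist `regexes` against the captured secret by default rather than the whole line unless `regexTarget = "line"` is set, so as written the entry may not match at all while the literal `sha256~…` entry does; confirm against the gitleaks version the super-linter image ships. Since the scrubbed `$ oc login --token= --server=...` line carries no secret and needs no exemption, prefer dropping the `oc login` entry and, once no file still contains it, the literal token string too, so the value is not preserved in-tree; if a line-form exemption is genuinely needed, anchor it to a placeholder such as `'''oc login --token=<[^>]+>'''` with `regexTarget = "line"`. `'''.*\.html$'''` in `paths` skips every HTML file; if those are generated site output (the Makefile's `clean` target suggests a Jekyll build) a comment such as `# generated Jekyll output, not source` makes the exemption reviewable, and a `.gitignore`d build directory would not need it at all.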
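Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to super-linter inherits whatever default scope the repository settings grant, which may be read/write; add a least-privilege block at the workflow or job level, e.g. `permissions:` / `  contents: read` / `  statuses: write` (statuses only if super-linter's status reporting is actually used). Both actions are referenced by floating major tags (`actions/checkout@v4`, `super-linter/super-linter/slim@v7`); pinning to a full commit SHA with the tag in a trailing comment protects against a moved or compromised tag, and Dependabot can keep the pins current. The comment `# These are the validation we disable atm` reads as a disable list while the line under it enables gitleaks; since super-linter treats any `VALIDATE_*: true` as "run only these linters", a clearer comment is `# Only gitleaks runs for now: any VALIDATE_*=true restricts the run to the listed linters`. `fetch-depth: 0` together with `VALIDATE_ALL_CODEBASE: true` fetches full history that a whole-tree scan does not need — harmless but slower, so worth confirming whether the gitleaks linter in this image scans git history before keeping it.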
@@ -70,3 +70,13 @@ lintwordlist: ## Sorts and removes duplicates from spellcheck exception file .wo
 .PHONY: clean
 clean: ## Removes any unneeded spurious files
 @rm -rvf ./.jekyll-cache ./_site ./tmp super-linter.log dictionary.dic public/*
+
+.PHONY: super-linter
+super-linter: ## Runs super linter locally
+ rm -rf .mypy_cache
+ podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true \
+ -e VALIDATE_GITLEAKS=true \
+ $(DISABLE_LINTERS) \
+ -v $(PWD):/tmp/lint:rw,z \
+ -w /tmp/lint \
+ ghcr.io/super-linter/super-linter:slim-v7
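Review bot: `-v $(PWD):/tmp/lint:rw,z` takes `PWD` from the environment rather than make's own `$(CURDIR)`; under `make -C` or any invocation where `PWD` is unset or stale the mount path is wrong or empty, so prefer `-v "$(CURDIR)":/tmp/lint:rw,z`. The `:z` suffix relabels every file of the checkout on the host with the shared container SELinux label, which is normally fine for a working copy but deserves a why-comment such as `# :z — SELinux shared label so the container can read/write the checkout`. `$(DISABLE_LINTERS)` is used but not defined in this hunk (the rest of the Makefile is outside it); if it is unset it expands to nothing, and because super-linter treats any `VALIDATE_*=true` as "run only these linters", the target effectively runs gitleaks alone despite the `## Runs super linter locally` help text — say so in the help line, e.g. `## Runs super-linter locally (gitleaks only unless DISABLE_LINTERS re-enables others)`. Gitleaks needs only read access, so the mount could be `:ro,z` if log writing is turned off (super-linter appears to have a `CREATE_LOG_FILE` switch); the existing `clean` target removing `super-linter.log` suggests the container currently writes into the workspace, so confirm before tightening.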