From 91f579d17ce11f77c8b09a8eb92cf6c683d2ece0 Mon Sep 17 00:00:00 2001 From: Garret Patten Date: Fri, 14 Nov 2025 20:06:16 -0500 Subject: [PATCH 1/5] fix workflows --- .github/workflows/quality-checks.yaml | 1 + .github/workflows/security-checks.yaml | 13 +++++++++++++ .github/workflows/semgrep-scan.yaml | 19 ------------------- .github/workflows/trufflehog-scan.yaml | 25 ------------------------- 4 files changed, 14 insertions(+), 44 deletions(-) create mode 100644 .github/workflows/security-checks.yaml delete mode 100644 .github/workflows/semgrep-scan.yaml delete mode 100644 .github/workflows/trufflehog-scan.yaml diff --git a/.github/workflows/quality-checks.yaml b/.github/workflows/quality-checks.yaml index 303cc73..792539f 100644 --- a/.github/workflows/quality-checks.yaml +++ b/.github/workflows/quality-checks.yaml @@ -4,6 +4,7 @@ on: pull_request jobs: quality-checks: + name: 'Linters' uses: garretpatten/quality-checks/.github/workflows/quality-checks.yaml@master with: actionlint_run: true diff --git a/.github/workflows/security-checks.yaml b/.github/workflows/security-checks.yaml new file mode 100644 index 0000000..883ff0b --- /dev/null +++ b/.github/workflows/security-checks.yaml @@ -0,0 +1,13 @@ +name: 'Security Checks' + +on: pull_request + +jobs: + scans: + name: 'Scans' + uses: garretpatten/security-checks/.github/workflows/security-checks.yaml@master + with: + semgrep_run: true + trufflehog_run: true + secrets: inherit + diff --git a/.github/workflows/semgrep-scan.yaml b/.github/workflows/semgrep-scan.yaml deleted file mode 100644 index 39817d2..0000000 --- a/.github/workflows/semgrep-scan.yaml +++ /dev/null 
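Review bot: In the new `.github/workflows/security-checks.yaml`, the line `uses: garretpatten/security-checks/.github/workflows/security-checks.yaml@master` calls a reusable workflow at a mutable branch ref while `secrets: inherit` hands it every secret available to this workflow, so any later push to that branch runs with those secrets without a change being reviewed here. The two workflows this patch deletes pinned their actions to full commit SHAs and declared `permissions: contents: read`; the replacement has neither. I would pin the call as `uses: garretpatten/security-checks/.github/workflows/security-checks.yaml@<full-commit-sha>`, add a top-level `permissions:` block with `contents: read`, and replace `secrets: inherit` with an explicit `secrets:` map naming only what the scans need. The `github.actor != 'dependabot[bot]'` guard from the deleted files is also gone, and whether the called workflow handles that case cannot be seen from this patch.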
@@ -1,19 +0,0 @@ -name: Semgrep Scan - -permissions: - contents: read - -on: pull_request - -jobs: - semgrep-scan: - name: semgrep-scan - runs-on: ubuntu-latest - container: - image: returntocorp/semgrep - - if: (github.actor != 'dependabot[bot]') - steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - - - run: semgrep ci --config=auto diff --git a/.github/workflows/trufflehog-scan.yaml b/.github/workflows/trufflehog-scan.yaml deleted file mode 100644 index b7052f6..0000000 --- a/.github/workflows/trufflehog-scan.yaml +++ /dev/null @@ -1,25 +0,0 @@ -name: Trufflehog Scan - -permissions: - contents: read - -on: pull_request - -jobs: - Trufflehog: - runs-on: ubuntu-latest - - if: ${{ github.actor != 'dependabot[bot]' }} - steps: - - name: Checkout code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - with: - fetch-depth: 0 - - - name: Trufflehog - uses: trufflesecurity/trufflehog@58222610ff8ff7a3069d2422276bf28ad52a743f - with: - path: ./ - base: ${{ github.event.repository.default_branch }} - head: HEAD - extra_args: --exclude-paths=.truffleignore --only-verified From 59fd9810e3599cb1320c42fa53172c1aa6fbcf18 Mon Sep 17 00:00:00 2001 From: Garret Patten Date: Fri, 14 Nov 2025 20:06:57 -0500 Subject: [PATCH 2/5] prettier --- .github/workflows/security-checks.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/security-checks.yaml b/.github/workflows/security-checks.yaml index 883ff0b..f9a63d2 100644 --- a/.github/workflows/security-checks.yaml +++ b/.github/workflows/security-checks.yaml @@ -10,4 +10,3 @@ jobs: semgrep_run: true trufflehog_run: true secrets: inherit - From a5a992b78c1078836f90b9363b71fc5628bd3b8b Mon Sep 17 00:00:00 2001 From: Garret Patten Date: Fri, 14 Nov 2025 20:09:03 -0500 Subject: [PATCH 3/5] yamllint errors --- .github/workflows/quality-checks.yaml | 4 +++- .yamllint | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .yamllint 
diff --git a/.github/workflows/quality-checks.yaml b/.github/workflows/quality-checks.yaml index 792539f..a4faa23 100644 --- a/.github/workflows/quality-checks.yaml +++ b/.github/workflows/quality-checks.yaml @@ -1,10 +1,12 @@ +--- name: 'Quality Checks' -on: pull_request +on: [pull_request] jobs: quality-checks: name: 'Linters' + # yamllint disable rule:line-length uses: garretpatten/quality-checks/.github/workflows/quality-checks.yaml@master with: actionlint_run: true diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..f67b94e --- /dev/null +++ b/.yamllint @@ -0,0 +1,10 @@ +--- +extends: default + +rules: + line-length: + max: 80 + document-start: disable + truthy: + allowed-values: ['true', 'false', 'on', 'off'] + check-keys: false From 525a3eda0380ea09db0afda15fe5ca8a78120cdc Mon Sep 17 00:00:00 2001 From: Garret Patten Date: Fri, 14 Nov 2025 20:10:23 -0500 Subject: [PATCH 4/5] fix: suppression --- .github/workflows/quality-checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quality-checks.yaml b/.github/workflows/quality-checks.yaml index a4faa23..e33ae58 100644 --- a/.github/workflows/quality-checks.yaml +++ b/.github/workflows/quality-checks.yaml @@ -6,7 +6,7 @@ on: [pull_request] jobs: quality-checks: name: 'Linters' - # yamllint disable rule:line-length + # yamllint disable-line rule:line-length uses: garretpatten/quality-checks/.github/workflows/quality-checks.yaml@master with: actionlint_run: true From 6eb31736594fd3403ab098eb2dc3e15f3b11d18f Mon Sep 17 00:00:00 2001 From: Garret Patten Date: Fri, 14 Nov 2025 20:11:41 -0500 Subject: [PATCH 5/5] fix: suppression --- .github/workflows/security-checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/security-checks.yaml b/.github/workflows/security-checks.yaml index f9a63d2..fd7d40e 100644 --- a/.github/workflows/security-checks.yaml +++ b/.github/workflows/security-checks.yaml 
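Review bot: In the new `.yamllint`, `truthy.allowed-values` admits `'on'` and `'off'` even though `check-keys: false` already exempts the `on:` trigger key, so the rule no longer flags a value such as `enabled: on` that a YAML 1.1 parser would read as a boolean. Unless some value in the repository really needs it, `allowed-values: ['true', 'false']` together with `check-keys: false` would keep the check meaningful. `document-start: disable` also sits oddly beside the `---` this same commit adds to `quality-checks.yaml`; a one-line comment in `.yamllint` saying why the rule is off would help the next reader.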
@@ -5,6 +5,7 @@ on: pull_request jobs: scans: name: 'Scans' + # yamllint disable-line rule:line-length uses: garretpatten/security-checks/.github/workflows/security-checks.yaml@master with: semgrep_run: true