From 6aabadc2fe281393a3beedbaf6e833a223cd4ca9 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sat, 20 Jun 2026 18:28:28 +0000
Subject: [PATCH] Drop redundant, broken trufflehog job from secret-scanner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The hand-rolled `trufflehog` job was both unpinned (`@main`, failing the
Workflow security linter) and passed `--fail` on top of the action's own
`--fail` (failing with "flag 'fail' cannot be repeated"). The reusable
`scan` job (hyperpolymath/standards secret-scanner-reusable, SHA-pinned)
already runs trufflehog — the passing `scan / trufflehog` check — so the
local job was pure duplication. Remove it: fixes both red checks and
de-duplicates secret scanning.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019i2e5ABGBKQmMdqk8puFWx
---
 .github/workflows/secret-scanner.yml | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
index 413006f64..d53991bcc 100644
--- a/.github/workflows/secret-scanner.yml
+++ b/.github/workflows/secret-scanner.yml
@@ -13,13 +13,3 @@ jobs:
   scan:
     uses: hyperpolymath/standards/.github/workflows/secret-scanner-reusable.yml@3e4bd4c93911750727e2e4c66dff859e00079da0
     secrets: inherit
-  trufflehog:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: TruffleHog Secret Scan
-        uses: trufflesecurity/trufflehog@main
-        with:
-          extra_args: --only-verified --fail