From 07f8af9dab87390c1ba4358c9a48357f270f6467 Mon Sep 17 00:00:00 2001
From: Joe Takara <anuchit.boonsom@gmail.com>
Date: Thu, 4 Jun 2026 01:12:21 +0700
Subject: [PATCH] ci(security): add gitleaks secret scanning

---
 .github/workflows/secret-scan.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/secret-scan.yml

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
new file mode 100644
index 0000000..390a4b3
--- /dev/null
+++ b/.github/workflows/secret-scan.yml
@@ -0,0 +1,27 @@
+name: Secret Scan
+
+on:
+  pull_request:
+  schedule:
+    - cron: "0 4 * * 1"
+  workflow_dispatch:
+
+concurrency:
+  group: secret-scan-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+permissions:
+  contents: read
+
+jobs:
+  secret-scan-pr:
+    if: github.event_name == 'pull_request'
+    uses: lanlada/.github/.github/workflows/reusable-secret-scan.yml@main
+    with:
+      mode: pr
+
+  secret-scan-full:
+    if: github.event_name != 'pull_request'
+    uses: lanlada/.github/.github/workflows/reusable-secret-scan.yml@main
+    with:
+      mode: full