From 298a4e2dcfc555b4daf17d2824f2bfbe47aaa1cc Mon Sep 17 00:00:00 2001
From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com>
Date: Tue, 12 May 2026 22:57:21 +0200
Subject: [PATCH] ci(secret-scanner): drop duplicate --fail from trufflehog
 extra_args

The v3 trufflehog action injects --fail automatically on pull_request
events; passing it again here triggers "flag 'fail' cannot be repeated"
and breaks every secret-scanner run. Aligns with hyperpolymath/rsr-template-repo#37.
---
 .github/workflows/secret-scanner.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
index 972800e..8bf6dfb 100644
--- a/.github/workflows/secret-scanner.yml
+++ b/.github/workflows/secret-scanner.yml
@@ -20,7 +20,9 @@ jobs:
       - name: TruffleHog Secret Scan
         uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab # v3
         with:
-          extra_args: --only-verified --fail
+          # The v3 action injects --fail automatically on pull_request events.
+          # Passing --fail here triggers "flag 'fail' cannot be repeated".
+          extra_args: --only-verified
 
   gitleaks:
     runs-on: ubuntu-latest
@@ -32,4 +34,4 @@ jobs:
       - name: Gitleaks Secret Scan
         uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file