🔧 修复安全扫描误报 #3

	name: CI

	on:
	push:
	branches: [ main, master ]
	pull_request:
	branches: [ main, master ]

	jobs:
	test:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: Setup MoonBit
	uses: hustcer/setup-moonbit@v1
	with:
	version: "latest"

	- name: Check MoonBit installation
	run: \|
	moon version --all
	which moon

	- name: Install dependencies
	run: \|
	moon install

	- name: Check code format
	run: \|
	moon fmt --check

	- name: Run tests
	run: \|
	moon test --enable-coverage

	- name: Generate coverage report
	run: \|
	moon coverage report -f cobertura -o coverage.xml
	moon coverage report -f html

	- name: Upload coverage reports
	uses: actions/upload-artifact@v4
	with:
	name: coverage-report
	path: \|
	coverage.xml
	_coverage/

	- name: Build project
	run: \|
	moon build

	- name: Run examples
	run: \|
	cd examples
	moon run cli_demo

	security:
	name: 🔒 Security Scan
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: 🔒 Run security audit
	run: \|
	# 检查真正的敏感信息泄露（排除配置文件和常见关键词）
	if grep -r -i "password\s=\\|secret\s=\\|api_key\s*=\\|private_key\\|access_token" . \
	--exclude-dir=.git \
	--exclude-dir=.github \
	--exclude-dir=node_modules \
	--exclude="*.md" \
	--exclude="*.json" \
	--exclude="*.toml" \
	--exclude="*.yml" \
	--exclude="*.yaml"; then
	echo "⚠️ 发现可能的敏感信息"
	exit 1
	else
	echo "✅ 安全检查通过"
	fi

Provide feedback