Update Git hooks and add secret scanning
1 parent f6da7dd, commit 16de805
Showing 7 changed files with 500 additions and 4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Lint and style checks | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
main | ||
|
||
jobs: | ||
backend: | ||
name: Backend lint and style check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
- working-directory: backend # Change this to the name of your backend directory | ||
run: | | ||
npm ci | ||
npm run lint-check | ||
frontend: | ||
name: Frontend lint and style check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
- working-directory: frontend # Change this to the name of your frontend directory | ||
run: | | ||
npm ci | ||
npm run lint-check | ||
secret-scan: | ||
name: Secret scan | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-node@v3 | ||
- run: | | ||
node .secret-scan/secret-scan.js |
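Review bot: the `secret-scan` job is gated on the workflow's only trigger, `pull_request` against `main`, so a secret pushed directly to `main` or to any other branch is never scanned in CI; add a `push:` trigger next to `pull_request:` so the scanner also runs on direct pushes. Two smaller points in the same hunk: `actions/checkout@v3` and `actions/setup-node@v3` are referenced by floating major tags, and pinning them to a full commit SHA keeps a retagged or compromised action out of the pipeline that is supposed to guard the secrets; and `setup-node@v3` is used without a `node-version`, so all three jobs run whatever Node the runner image ships rather than the version the project is tested against.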
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/bin/sh | ||
secret_scan_script="$(dirname "${0}")/../.secret-scan/secret-scan.js" | ||
node "${secret_scan_script}" |
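Review bot: the path `$(dirname "${0}")/../.secret-scan/secret-scan.js` only resolves when the hook lives in a directory one level below the repository root (for example a tracked hooks directory selected with `core.hooksPath`); if someone copies the hook into `.git/hooks/`, `..` resolves to `.git/`, the script is not found, and every commit is blocked by a module-not-found error instead of being scanned. Resolving from the repository root avoids the dependence on where the hook is installed: `secret_scan_script="$(git rev-parse --show-toplevel)/.secret-scan/secret-scan.js"`.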
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
/secret-scan-cache.json | ||
/secret-scan-report.json |
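Review bot: `secret-scan-report.json` is ignored here but, unlike the cache file, is not listed in `skippedFiles` in the config added by this commit; if the scanner walks the working tree rather than only tracked files, a stale report (which records the matched strings) will itself be scanned and re-flagged on the next run. Either add `.secret-scan/secret-scan-report.json` to `skippedFiles` or confirm the scanner reads only tracked files.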
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"//": [ | ||
"To prevent a particular string from being flagged, add it (or a substring", | ||
"of it) to this array. This can be useful if your repository contains an", | ||
"example of what a credential should look like, a development credential", | ||
"(e.g. a database on localhost), or a previously leaked credential that", | ||
"has already been revoked. Obviously, do not put active credentials here." | ||
], | ||
"allowedStrings": ["mongodb://127.0.0.1", "mongodb://localhost"], | ||
"//": [ | ||
"Regexes used to scan the repository contents for secrets.", | ||
"If possible, try to make the regex match the entire secret, or", | ||
"allowedStrings might not work as expected. For example, if a regex", | ||
"matches only 'mongodb', this string by itself does not contain any of the", | ||
"strings in the allowlist, so it will still be flagged." | ||
], | ||
"secretRegexes": { | ||
"mongodbUrl": "mongodb([+]srv)?://[^\\s]+", | ||
"firebaseJsonPrivateKeyFile": "-----BEGIN PRIVATE KEY-----[^\\s]+" | ||
}, | ||
"//": [ | ||
"Do not check for secrets in these files. You should almost always use", | ||
"allowedStrings instead of this. We only add these files because they", | ||
"naturally contain things that look like secrets, but aren't." | ||
], | ||
"skippedFiles": [".secret-scan/secret-scan-cache.json", ".secret-scan/secret-scan-config.json"] | ||
} |
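Review bot: the `firebaseJsonPrivateKeyFile` regex `-----BEGIN PRIVATE KEY-----[^\\s]+` requires at least one non-whitespace character immediately after the header, which holds for a key embedded as a JSON string in a Firebase service-account file (the `\n` there is the two literal characters `\` and `n`) but not for a raw PEM file, where a real newline follows the header and nothing matches; PKCS#1, SEC1 and OpenSSH headers such as `-----BEGIN RSA PRIVATE KEY-----`, `-----BEGIN EC PRIVATE KEY-----` and `-----BEGIN OPENSSH PRIVATE KEY-----` are not matched at all. Matching the header alone, e.g. `"-----BEGIN (RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"`, is enough to flag the file, and the whole-secret advice in the comment above `secretRegexes` matters less here because no `allowedStrings` entry would appear inside a private key. Separately, the object uses the key `"//"` three times; `JSON.parse` keeps only the last value, so this works until a stricter reader (a JSON linter, a schema validator, or a parser that rejects duplicate names) processes the file; distinct keys such as `"//allowedStrings"`, `"//secretRegexes"` and `"//skippedFiles"` avoid that.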