diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 00000000..9bd7f5ba --- /dev/null +++ b/.secrets.baseline @@ -0,0 +1,691 @@ +{ + "exclude": { + "files": ".*/src/test/.*|^/Users/holly/code/src/github.com/galasa-dev/automation/.secrets.baseline$", + "lines": null + }, + "generated_at": "2024-05-31T12:07:23Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": { + "cmd/github-webhook-receiver/main_test.go": [ + { + "hashed_secret": "b89b4639940dfd8af36d8f7afe89ebaf073639f0", + "is_secret": true, + "is_verified": false, + "line_number": 92, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "061909d03cb57faa584d2bad3d41b858fb72e0a2", + "is_secret": true, + "is_verified": false, + "line_number": 234, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "aa53eef14088b3d99efc0a89e43afc9a151476dd", + "is_verified": false, + "line_number": 524, + "type": "Base64 High Entropy String", + "verified_result": null + } + ], + "docs/example-pull-request-open.md": [ + { + "hashed_secret": "ad083bae88c6cb3d578751c8ba84d76d2cb8a512", + "is_verified": false, + "line_number": 73, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "3544481fba1b776d3379fc445bcd08ff05ec20c4", + "is_verified": false, + "line_number": 116, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "docs/example-push-while-pr-open.md": [ + { + "hashed_secret": "ae35f635b44401f8ce8db259fef5c9343bca242e", + "is_verified": false, + "line_number": 83, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "3544481fba1b776d3379fc445bcd08ff05ec20c4", + "is_verified": false, + "line_number": 245, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "b7c4d03c42b647c564bdbcd4aef8d7d7b8386b9b", + "is_verified": false, + "line_number": 420, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "c91e3df4a1ea422b2909ab437a2bbd08610a21fd", + "is_verified": false, + "line_number": 421, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "go.sum": [ + { + "hashed_secret": "01a01074c535cc2c03a4ce88a41e8b0abf3ecb1a", + "is_verified": false, + "line_number": 1, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "cbdd1f393802e8fb0785108ccda04af22295e2e7", + "is_verified": false, + "line_number": 2, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "8deebf1d357418b3b3a472b47d33dce79bd5be15", + "is_verified": false, + "line_number": 5, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "4dbbe18874344f8a812138c0c9b17841a5fab11d", + "is_verified": false, + "line_number": 6, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "3ead09effb4d7ce86f6943e3df6a562cb12691cf", + "is_verified": false, + "line_number": 7, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ba55ca50e783ffebe84c0254a539613be3b728e8", + "is_verified": false, + "line_number": 8, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "b6223dd89ad101b014311d12514280dae4df7d2c", + "is_verified": false, + "line_number": 9, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ba587f6a940dca65109d203c5816402c862e3c54", + "is_verified": false, + "line_number": 10, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "7ee178324b977e202c99a1df3f1ae92819b7a67d", + "is_verified": false, + "line_number": 11, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "237f64c111ccc8fd3243a7fd7f7b06965ea3a0b8", + "is_verified": false, + "line_number": 12, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "3281c8f52dbb2e95e00f3bf25a175def72bc3aea", + "is_verified": false, + "line_number": 13, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "8b008690a2114bf8092791ae8aa0b0177a2e78af", + "is_verified": false, + "line_number": 14, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e134a4ec1ab316db90f0c25018be96acddea30c3", + "is_verified": false, + "line_number": 15, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "0de8ae481ba9b83e6f3aa5d423ab2b22a3b31f45", + "is_verified": false, + "line_number": 16, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "91a340ad61edde7370e7aeb0eea29b63a26f6367", + "is_verified": false, + "line_number": 18, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "c382813ad978b45fb54312f408087e014b4374eb", + "is_verified": false, + "line_number": 19, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "3b4bba8acc95234baabdcfef0574ad9178264cd8", + "is_verified": false, + "line_number": 20, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ddf772c359f79467b55c662a7cd7dbfa259ad1c8", + "is_verified": false, + "line_number": 21, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "7463de3990ced515e0d6d43c6539e193366878c6", + "is_verified": false, + "line_number": 22, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "cb5a31c2b60354e7f3fe3a788538bb781b34a94f", + "is_verified": false, + "line_number": 23, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "9e8e57936142b82b7fe9e0579479dddd40e17ce9", + "is_verified": false, + "line_number": 24, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "5047502ab402c669db5af9d5becc85e147d56b4c", + "is_verified": false, + "line_number": 25, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e5e9d05198ca5050f4b8980de112bf6a2e7c1b5d", + "is_verified": false, + "line_number": 26, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "d8b7d15a6ddd1fe63e5f56d538a721cbe1b4e384", + "is_verified": false, + "line_number": 27, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "f16e20544c05634663c76b999b6707da9f0ecbcc", + "is_verified": false, + "line_number": 28, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "5e235856f4e738c6927dab209f5b0d4bc70c6b4c", + "is_verified": false, + "line_number": 29, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "2d2a53ab302b2f26402df425b3827d5464b632d9", + "is_verified": false, + "line_number": 30, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "f32a61f2e6f2ce8daf210f506c4a7112bc541f03", + "is_verified": false, + "line_number": 31, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "b46ffd57039b50aecbe806f118fdc296d3f8e6dd", + "is_verified": false, + "line_number": 32, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "cd9bbc1b5fb19d011c1b1918671b9eca58eedf54", + "is_verified": false, + "line_number": 33, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "4907910e76973cad8f72dee961205fb922f7f67e", + "is_verified": false, + "line_number": 34, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "bad1eb8ee8f0feb71b5ee62380387e98eee83361", + "is_verified": false, + "line_number": 35, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "a3f739e01b6d150f9cec4737e7668db917cc2771", + "is_verified": false, + "line_number": 36, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "0d301b35345a6c42132e597b72cc9234fc661266", + "is_verified": false, + "line_number": 37, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "0918088df56ab0144ab80845726914b6f5762aa9", + "is_verified": false, + "line_number": 38, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "8032ce5257b54dcf78aec51f68d1fc8d063d1a57", + "is_verified": false, + "line_number": 39, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "595585f1659052624a1b2d3a03e86ae2e2ed6bb7", + "is_verified": false, + "line_number": 40, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "a113a099e239d7f5f8657afcfdb4f241324e7ea5", + "is_verified": false, + "line_number": 41, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "102741620fd59cdd46a9645e8f77622395ad8ddb", + "is_verified": false, + "line_number": 42, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "9dd5115ebcff5ee73ef485c2b87cd7f4bbc47450", + "is_verified": false, + "line_number": 43, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "c27f2a8fe63481e54eb7528fa4d7bd5372f3099e", + "is_verified": false, + "line_number": 44, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "4663612bdeb372f193f25d9c58dc670adaf64806", + "is_verified": false, + "line_number": 45, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "2601499f4ea1ac01520b17740b0a6954d3f23c1d", + "is_verified": false, + "line_number": 46, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "fc785be080b1e082bd0f556797bc52672b304e95", + "is_verified": false, + "line_number": 47, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ba43bd1a8381cadbbe48cfdcf3d1143584442087", + "is_verified": false, + "line_number": 48, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e2a43f26d857abb1c5aa824d0dbe08ea2b6a343b", + "is_verified": false, + "line_number": 49, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "d37d133fae9f533b35fb02c26273eab40b71a0f1", + "is_verified": false, + "line_number": 50, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "01cdf44795279ed719eed59573f0e67a20219b2d", + "is_verified": false, + "line_number": 51, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "af58e693e1b2d980ed923a3a65bacd88033d1c9d", + "is_verified": false, + "line_number": 54, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "0ce1bbf44cfc3e9ac535b22293940f5ace10a031", + "is_verified": false, + "line_number": 55, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ebce33ed93c15294766862efead26a0fe7c1b480", + "is_verified": false, + "line_number": 56, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "01cc9bc51bf3fa82306f40389795abe791c0ea06", + "is_verified": false, + "line_number": 61, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "78bdedbd3ccf14e2a9610ae78279dbb8b87a75b4", + "is_verified": false, + "line_number": 63, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ae265ceaecee518874ebf3646c433ff6128db110", + "is_verified": false, + "line_number": 64, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "8270b5c71f7f7e6bd094c9cb1ab9555c29e8f841", + "is_verified": false, + "line_number": 65, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "fda7084b2e220d7b4fdb7d0df523fe0c0e1a75d1", + "is_verified": false, + "line_number": 66, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "45650903d66d914df58bb9125971a9bfc2d94c0a", + "is_verified": false, + "line_number": 67, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "9ed5ca6d966450abfdcbd8181a99a4acc9602102", + "is_verified": false, + "line_number": 68, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "7d235413ab75850d814e60c7679aad52e408b229", + "is_verified": false, + "line_number": 69, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "6c76abe4bb26384b9ff06c9ef66352708b9368f1", + "is_verified": false, + "line_number": 70, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "75ab864f84af321656ed52959dd5be6b7d1ecb09", + "is_verified": false, + "line_number": 71, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "24faaef0b063439371412110029778332d5c5cd3", + "is_verified": false, + "line_number": 72, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "f892aaac62a5a3e57e2c8a7b32e50a9909fd863b", + "is_verified": false, + "line_number": 73, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "6096cceb2ebde8f7884455e805267c3be8aba4bc", + "is_verified": false, + "line_number": 74, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "b7dadbe2c4f4159fc0b5fe73195bcd53846517d6", + "is_verified": false, + "line_number": 76, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e81e8bf6369a7231803cee4a1c13348804e951ac", + "is_verified": false, + "line_number": 77, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "4ef548550ab47a3cf6306d34075d8065ed95d0f1", + "is_verified": false, + "line_number": 78, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "1acf1f8876ac6001592457efc5266bee6c77fcdd", + "is_verified": false, + "line_number": 79, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ec0344a0f1a84df30c425b18b61c4c25dbb1a8e1", + "is_verified": false, + "line_number": 80, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "6b4647e77eecb1299359b8b08fff2801a3c88bcd", + "is_verified": false, + "line_number": 81, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "c5f1dc3654012c916a5925ee4c98d546f43596ab", + "is_verified": false, + "line_number": 82, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "aa945027601e7b92be504f177761e51cd2fc9293", + "is_verified": false, + "line_number": 83, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "a5153026164a8b6aec7ea9f54ab4742295bc0854", + "is_verified": false, + "line_number": 84, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "f78d2a86ab2f64ebcc591442fa0a1be2143ecb46", + "is_verified": false, + "line_number": 85, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "26003ea45ee54ae0c27ff9e6156c3a353bfbf0cb", + "is_verified": false, + "line_number": 87, + "type": "Base64 High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "d858adb1976228c458c39e2564548b3e2466d8d5", + "is_verified": false, + "line_number": 88, + "type": "Base64 High Entropy String", + "verified_result": null + } + ] + }, + "version": "0.13.1+ibm.62.dss", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/build-locally.sh b/build-locally.sh index ef3949fc..6e736358 100755 --- a/build-locally.sh +++ b/build-locally.sh @@ -57,6 +57,31 @@ None EOF } +#------------------------------------------------------------- +function check_exit_code () { + # This function takes 3 parameters in the form: + # $1 an integer value of the expected exit code + # $2 an error message to display if $1 is not equal to 0 + if [[ "$1" != "0" ]]; then + error "$2" + exit 1 + fi +} +#------------------------------------------------------------- +function check_secrets { + h2 "updating secrets baseline" + detect-secrets scan --exclude-files '.*/src/test/.*' --update ${BASEDIR}/.secrets.baseline + rc=$? + check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly" + success "updated secrets file" + + h2 "running audit for secrets" + detect-secrets audit ${BASEDIR}/.secrets.baseline + rc=$? + check_exit_code 0 "Failed to audit detect-secrets." + success "secrets audit complete" +} + #-------------------------------------------------------------------------- # # Main script logic @@ -98,7 +123,8 @@ if [[ "${build_type}" == "clean" ]]; then h2 "Cleaning the binaries out..." cd ${BASEDIR}/build-images/github-webhook-receiver make clean - rc=$? ; if [[ "${rc}" != "0" ]]; then error "Failed to build and run unit tests. rc=${rc}" ; exit 1 ; fi + rc=$? + check_exit_code $rc "Failed to build and run unit tests. rc=${rc}" success "Binaries cleaned up - OK" fi @@ -108,7 +134,8 @@ fi h2 "Getting dependent Go packages..." cd ${BASEDIR}/build-images/github-webhook-receiver make setup -rc=$? ; if [[ "${rc}" != "0" ]]; then error "Failed to get golang dependencies. rc=${rc}" ; exit 1 ; fi +rc=$? +check_exit_code $rc "Failed to get golang dependencies. rc=${rc}" success "New binaries built - OK" #-------------------------------------------------------------------------- @@ -117,7 +144,8 @@ success "New binaries built - OK" h2 "Building new binaries..." cd ${BASEDIR}/build-images/github-webhook-receiver make delta-build -rc=$? ; if [[ "${rc}" != "0" ]]; then error "Failed to build binary executable programs. rc=${rc}" ; exit 1 ; fi +rc=$? +check_exit_code $rc "Failed to build binary executable programs. rc=${rc}" success "New binaries built - OK" #-------------------------------------------------------------------------- @@ -160,4 +188,6 @@ success "New binaries built - OK" #-------------------------------------------------------------------------- h2 "Use the results.." info "Binary executable programs are found in the 'bin' folder." -ls ${BASEDIR}/build-images/github-webhook-receiver/bin | grep -v "gendocs" \ No newline at end of file +ls ${BASEDIR}/build-images/github-webhook-receiver/bin | grep -v "gendocs" + +check_secrets \ No newline at end of file