[Tidy] Remove gitleaks (#817)
antonymilne authored Oct 18, 2024
1 parent 916cc7d commit 319c85e
Showing 7 changed files with 53 additions and 55 deletions.
30 changes: 0 additions & 30 deletions .github/workflows/secret-scan.yml

This file was deleted.

15 changes: 0 additions & 15 deletions .pre-commit-config.yaml
Expand Up @@ -72,20 +72,6 @@ repos:
# https://github.com/pydantic/pydantic/pull/8765
- pydantic==1.10.14

- repo: https://github.com/gitleaks/gitleaks
rev: v8.20.1
hooks:
- id: gitleaks
name: gitleaks (protect)
description: Detect hardcoded secrets using Gitleaks
entry: gitleaks protect --verbose --staged
language: golang
- id: gitleaks
name: gitleaks (detect)
description: Detect hardcoded secrets using Gitleaks
entry: gitleaks detect --verbose --baseline-path gitleaks-report.json
language: golang

- repo: https://github.com/awebdeveloper/pre-commit-stylelint
rev: "0.0.2"
hooks:
Expand Down Expand Up @@ -121,5 +107,4 @@ ci:
- codespell
- bandit
- mypy
- gitleaks
- vale
1 change: 0 additions & 1 deletion .vale/styles/Microsoft/ignore.txt
Expand Up @@ -68,7 +68,6 @@ Codespaces
dev
mypy
javascript
gitleaks
resizable
LLMs
untrusted
5 changes: 2 additions & 3 deletions vizro-ai/hatch.toml
Expand Up @@ -7,7 +7,7 @@ python = ["3.9", "3.10", "3.11", "3.12"]
dependencies = ["scriv"]
detached = true
installer = "uv"
scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- SKIP=gitleaks pre-commit run --files=CHANGELOG.md > /dev/null"]}
scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- pre-commit run --files=CHANGELOG.md > /dev/null"]}

[envs.default]
dependencies = [
Expand Down Expand Up @@ -38,7 +38,7 @@ VIZRO_AI_LOG_LEVEL = "DEBUG"
example = "cd examples; python example.py"
example-create-dashboard = "cd examples; python example_dashboard.py"
example-ui = "cd examples/dashboard_ui; python app.py"
lint = "SKIP=gitleaks pre-commit run {args} --all-files"
lint = "pre-commit run {args} --all-files"
pip = "'{env:HATCH_UV}' pip {args}"
prep-release = [
"hatch version release",
Expand All @@ -47,7 +47,6 @@ prep-release = [
'echo "Now raise a PR to merge into main with title: [Release] Release of vizro-ai $(hatch version)"'
]
pypath = "hatch run python -c 'import sys; print(sys.executable)'"
secrets = "pre-commit run gitleaks --all-files"
test = "pytest tests {args}"
test-integration = "pytest -vs --reruns 1 tests/integration --headless {args}"
test-unit = "pytest tests/unit {args}"
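Review bot: Nothing in this file runs a hardcoded-secret check once the `secrets` script is dropped in the last hunk, and no comment near `lint` says where that check now lives; the same applies to vizro-core/hatch.toml. The rest of the commit also removes the gitleaks pre-commit hooks and the secret-scan workflow, so any replacement control (for example scanning on the hosting side) is outside what this diff shows. I would record it next to `lint`, e.g. `# Secret scanning is not part of lint; it is covered by <replacement control, fill in>.` If there is no replacement, contributors lose the staged-file check that caught credentials before they reached history, and the PR description should say so explicitly.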
@@ -0,0 +1,48 @@
<!--
A new scriv changelog fragment.
Uncomment the section that is right (remove the HTML comment wrapper).
-->

<!--
### Highlights ✨
- A bullet item for the Highlights ✨ category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Removed
- A bullet item for the Removed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Added
- A bullet item for the Added category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Changed
- A bullet item for the Changed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Deprecated
- A bullet item for the Deprecated category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Fixed
- A bullet item for the Fixed category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
<!--
### Security
- A bullet item for the Security category with a link to the relevant PR at the end of your entry, e.g. Enable feature XXX. ([#1](https://github.com/mckinsey/vizro/pull/1))
-->
2 changes: 0 additions & 2 deletions vizro-core/docs/pages/explanation/contributing.md
Expand Up @@ -95,8 +95,6 @@ Examples are run with the following settings:

Our Hatch environment specifies `pre-commit` as a dependency but otherwise does not specify dependencies for linting tools. Instead, the versions of these are pinned in `.pre-commit-config.yaml`, and `pre-commit ci` raises a monthly PR to update them.

We use [gitleaks](https://github.com/gitleaks/gitleaks) for secret scanning, which may require an [installation of `go`](https://go.dev/doc/install). By default, `hatch run lint` skips the secret scans so that it can function out of the box on all machines. To run a secret scan, run `hatch run secrets`. When executing the secret scan, there are two modes: `protect`, which can discover secrets in staged files, and `detect`, which does so in the commit history.

### `hatch run changelog:add`

`hatch run changelog:add` generates a new changelog fragment. This is included in CI checks and required for all changes outside documentation.
7 changes: 3 additions & 4 deletions vizro-core/hatch.toml
Expand Up @@ -14,7 +14,7 @@ matrix.python.features = [
dependencies = ["scriv"]
detached = true
installer = "uv"
scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- SKIP=gitleaks pre-commit run --files=CHANGELOG.md > /dev/null"]}
scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- pre-commit run --files=CHANGELOG.md > /dev/null"]}

[envs.default]
dependencies = [
Expand All @@ -35,7 +35,7 @@ installer = "uv"

[envs.default.scripts]
example = "hatch run examples:example {args:scratch_dev}" # shortcut script to underlying example environment script.
lint = "SKIP=gitleaks pre-commit run {args} --all-files"
lint = "pre-commit run {args} --all-files"
pip = "'{env:HATCH_UV}' pip {args}"
prep-release = [
"hatch version release",
Expand All @@ -48,9 +48,8 @@ prep-release = [
]
pypath = "python -c 'import sys; print(sys.executable)'"
# Only run pre-commit hooks when schema is generated, not when it's checked. This keeps the check fast in CI.
schema = ["python schemas/generate.py", 'SKIP=gitleaks pre-commit run --files="schemas/$(hatch version).json" > /dev/null']
schema = ["python schemas/generate.py", 'pre-commit run --files="schemas/$(hatch version).json" > /dev/null']
schema-check = ["python schemas/generate.py --check"]
secrets = "pre-commit run gitleaks --all-files"
# Note `hatch run test` currently fails due to interference between integration tests and unit tests. Ideally we would
# fix this, but we don't actually use `hatch run test` anywhere right now.
# See comments added in https://github.com/mckinsey/vizro/pull/444.
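Review bot: The second command of `schema` in the last hunk, `pre-commit run --files="schemas/$(hatch version).json" > /dev/null`, has no leading `- `, unlike the otherwise similar `collect` command in the first hunk. A hook that rewrites the generated schema would presumably make `hatch run schema` exit non-zero while its output is discarded, leaving the failure hard to diagnose. If that is intended, a comment such as `# No "- " prefix: a failing hook should fail schema generation.` would make it clear; otherwise prefix the command with `- ` as `collect` does. The `[envs.default.scripts]` table continues outside the hunk.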
