From 319c85e8ada3c07be30713d69f5d14af496fc0ca Mon Sep 17 00:00:00 2001 From: Antony Milne <49395058+antonymilne@users.noreply.github.com> Date: Fri, 18 Oct 2024 11:35:16 +0100 Subject: [PATCH] [Tidy] Remove gitleaks (#817) --- .github/workflows/secret-scan.yml | 30 ------------ .pre-commit-config.yaml | 15 ------ .vale/styles/Microsoft/ignore.txt | 1 - vizro-ai/hatch.toml | 5 +- ...018_103352_antony.milne_remove_gitleaks.md | 48 +++++++++++++++++++ .../docs/pages/explanation/contributing.md | 2 - vizro-core/hatch.toml | 7 ++- 7 files changed, 53 insertions(+), 55 deletions(-) delete mode 100644 .github/workflows/secret-scan.yml create mode 100644 vizro-core/changelog.d/20241018_103352_antony.milne_remove_gitleaks.md diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml deleted file mode 100644 index c3f9bc1b8..000000000 --- a/.github/workflows/secret-scan.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Secret scan - -on: - pull_request: - push: - workflow_dispatch: - schedule: - - cron: "0 4 * * *" # run once a day at 4 AM UTC - -env: - PYTHON_VERSION: "3.12" - -jobs: - secret-scan: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-go@v5 - - - name: Set up Python ${{ env.PYTHON_VERSION }} - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install pre-commit - run: pip install pre-commit - - - name: Scan for secrets - run: pre-commit run gitleaks --all-files diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2602529d0..9061d1b59 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -72,20 +72,6 @@ repos: # https://github.com/pydantic/pydantic/pull/8765 - pydantic==1.10.14 - - repo: https://github.com/gitleaks/gitleaks - rev: v8.20.1 - hooks: - - id: gitleaks - name: gitleaks (protect) - description: Detect hardcoded secrets using Gitleaks - entry: gitleaks protect --verbose --staged - language: golang - - id: gitleaks - name: gitleaks (detect) - description: Detect hardcoded secrets using Gitleaks - entry: gitleaks detect --verbose --baseline-path gitleaks-report.json - language: golang - - repo: https://github.com/awebdeveloper/pre-commit-stylelint rev: "0.0.2" hooks: @@ -121,5 +107,4 @@ ci: - codespell - bandit - mypy - - gitleaks - vale diff --git a/.vale/styles/Microsoft/ignore.txt b/.vale/styles/Microsoft/ignore.txt index b8e14f952..7bd23f73b 100644 --- a/.vale/styles/Microsoft/ignore.txt +++ b/.vale/styles/Microsoft/ignore.txt @@ -68,7 +68,6 @@ Codespaces dev mypy javascript -gitleaks resizable LLMs untrusted diff --git a/vizro-ai/hatch.toml b/vizro-ai/hatch.toml index 9e317a7da..c74da9fc3 100644 --- a/vizro-ai/hatch.toml +++ b/vizro-ai/hatch.toml @@ -7,7 +7,7 @@ python = ["3.9", "3.10", "3.11", "3.12"] dependencies = ["scriv"] detached = true installer = "uv" -scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- SKIP=gitleaks pre-commit run --files=CHANGELOG.md > /dev/null"]} +scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- pre-commit run --files=CHANGELOG.md > /dev/null"]} [envs.default] dependencies = [ @@ -38,7 +38,7 @@ VIZRO_AI_LOG_LEVEL = "DEBUG" example = "cd examples; python example.py" example-create-dashboard = "cd examples; python example_dashboard.py" example-ui = "cd examples/dashboard_ui; python app.py" -lint = "SKIP=gitleaks pre-commit run {args} --all-files" +lint = "pre-commit run {args} --all-files" pip = "'{env:HATCH_UV}' pip {args}" prep-release = [ "hatch version release", @@ -47,7 +47,6 @@ prep-release = [ 'echo "Now raise a PR to merge into main with title: [Release] Release of vizro-ai $(hatch version)"' ] pypath = "hatch run python -c 'import sys; print(sys.executable)'" -secrets = "pre-commit run gitleaks --all-files" test = "pytest tests {args}" test-integration = "pytest -vs --reruns 1 tests/integration --headless {args}" test-unit = "pytest tests/unit {args}" diff --git a/vizro-core/changelog.d/20241018_103352_antony.milne_remove_gitleaks.md b/vizro-core/changelog.d/20241018_103352_antony.milne_remove_gitleaks.md new file mode 100644 index 000000000..7c0d58d4f --- /dev/null +++ b/vizro-core/changelog.d/20241018_103352_antony.milne_remove_gitleaks.md @@ -0,0 +1,48 @@ + + + + + + + + + diff --git a/vizro-core/docs/pages/explanation/contributing.md b/vizro-core/docs/pages/explanation/contributing.md index 214efe244..89efa971c 100644 --- a/vizro-core/docs/pages/explanation/contributing.md +++ b/vizro-core/docs/pages/explanation/contributing.md @@ -95,8 +95,6 @@ Examples are run with the following settings: Our Hatch environment specifies `pre-commit` as a dependency but otherwise does not specify dependencies for linting tools. Instead, the versions of these are pinned in `.pre-commit-config.yaml`, and `pre-commit ci` raises a monthly PR to update them. -We use [gitleaks](https://github.com/gitleaks/gitleaks) for secret scanning, which may require an [installation of `go`](https://go.dev/doc/install). By default, `hatch run lint` skips the secret scans so that it can function out of the box on all machines. To run a secret scan, run `hatch run secrets`. When executing the secret scan, there are two modes: `protect`, which can discover secrets in staged files, and `detect`, which does so in the commit history. - ### `hatch run changelog:add` `hatch run changelog:add` generates a new changelog fragment. This is included in CI checks and required for all changes outside documentation. diff --git a/vizro-core/hatch.toml b/vizro-core/hatch.toml index 3e64f4fe9..afd1d6ad6 100644 --- a/vizro-core/hatch.toml +++ b/vizro-core/hatch.toml @@ -14,7 +14,7 @@ matrix.python.features = [ dependencies = ["scriv"] detached = true installer = "uv" -scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- SKIP=gitleaks pre-commit run --files=CHANGELOG.md > /dev/null"]} +scripts = {add = "scriv create --add", collect = ["scriv collect --add", "- pre-commit run --files=CHANGELOG.md > /dev/null"]} [envs.default] dependencies = [ @@ -35,7 +35,7 @@ installer = "uv" [envs.default.scripts] example = "hatch run examples:example {args:scratch_dev}" # shortcut script to underlying example environment script. -lint = "SKIP=gitleaks pre-commit run {args} --all-files" +lint = "pre-commit run {args} --all-files" pip = "'{env:HATCH_UV}' pip {args}" prep-release = [ "hatch version release", @@ -48,9 +48,8 @@ prep-release = [ ] pypath = "python -c 'import sys; print(sys.executable)'" # Only run pre-commit hooks when schema is generated, not when it's checked. This keeps the check fast in CI. -schema = ["python schemas/generate.py", 'SKIP=gitleaks pre-commit run --files="schemas/$(hatch version).json" > /dev/null'] +schema = ["python schemas/generate.py", 'pre-commit run --files="schemas/$(hatch version).json" > /dev/null'] schema-check = ["python schemas/generate.py --check"] -secrets = "pre-commit run gitleaks --all-files" # Note `hatch run test` currently fails due to interference between integration tests and unit tests. Ideally we would # fix this, but we don't actually use `hatch run test` anywhere right now. # See comments added in https://github.com/mckinsey/vizro/pull/444.