From e5d693444fa7e3703e59dc528726512e008aefdd Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 09:28:27 +0000 Subject: [PATCH 01/25] Initial version --- docker-plain/files/.pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 docker-plain/files/.pre-commit-config.yaml diff --git a/docker-plain/files/.pre-commit-config.yaml b/docker-plain/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/docker-plain/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 591f840f870871be92f022ac58dcca31d5a9c90b Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 09:33:08 +0000 Subject: [PATCH 02/25] Add documentation --- .../modules/quickstarters/pages/docker-plain.adoc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/modules/quickstarters/pages/docker-plain.adoc b/docs/modules/quickstarters/pages/docker-plain.adoc index 641d4fa47..2be039e22 100644 --- a/docs/modules/quickstarters/pages/docker-plain.adoc +++ b/docs/modules/quickstarters/pages/docker-plain.adoc @@ -11,6 +11,7 @@ or that you need to "OpenShiftify", by setting an (non-root) execution user, etc ---- ├── Jenkinsfile - Contains Jenkins build configuration ├── README.md +├── .pre-commit-config.yaml ├── docker - Contains Dockerfile for the build │ └── Dockerfile ├── metadata.yml - Component metadata 
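Review bot: The `id: gitleaks` hook configured here runs only on the developer's machine, and only in clones where `pre-commit install` has been run, so on its own it does not keep a secret from reaching the remote; the docs added in patches 02 and 04 also point readers at `--no-verify`, which skips it entirely. A gitleaks run in the quickstarter's Jenkins pipeline, or a server-side push check, would be the enforcing control, with this hook as the early warning. Those same docs give a bare `pre-commit` as the install step, which runs the hooks once but does not register the git hook; the command that activates this file is `pre-commit install`. `rev: v8.16.1` is a tag that upstream can move, so consider pinning the full commit SHA and keeping the tag as a comment, `rev: <commit-sha-for-v8.16.1>  # v8.16.1` (`pre-commit autoupdate --freeze` produces a SHA pin with the tag in a comment). The identical file is added in patches 05–17, 20, 22 and 23, and the same entry is inserted into the existing configs in patches 18 and 19, so these points apply there as well.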
@@ -75,6 +76,20 @@ Assuming your component contains source code you want to have delivered by the _ Feel free to look out for examples in our existing quickstarters, such as link:https://github.com/opendevstack/ods-quickstarters/blob/master/be-java-springboot[be-java-springboot]. +== Secret scanning with gitleaks + +This repository has a pre-commit hook that runs gitleaks on every commit. +To install the hook, run: + +``` +pip install pre-commit +pre-commit +``` + +After this every commit will inform you about any secrets that are committed. + +If you want to skip this check, use the `--no-verify` flag when committing. + == Builder agent used none From 0367760db2ac3dc663159e4700e1a51dcb912e9b Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:04:09 +0000 Subject: [PATCH 03/25] Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ed48f1d3..1ef45a310 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog ### Added +- Added scret scanning in docker plain ([#963](https://github.com/opendevstack/ods-quickstarters/pull/963)) ### Modified From df1e40c476543fb172037385b047f389fc2c2567 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:15:15 +0000 Subject: [PATCH 04/25] Move documentation to a partial --- docs/modules/quickstarters/pages/docker-plain.adoc | 14 +------------- .../partials/secret-scanning-with-gitleaks.adoc | 13 +++++++++++++ 2 files changed, 14 insertions(+), 13 deletions(-) create mode 100644 docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc diff --git a/docs/modules/quickstarters/pages/docker-plain.adoc b/docs/modules/quickstarters/pages/docker-plain.adoc index 2be039e22..64d113d2c 100644 --- a/docs/modules/quickstarters/pages/docker-plain.adoc +++ b/docs/modules/quickstarters/pages/docker-plain.adoc 
@@ -76,19 +76,7 @@ Assuming your component contains source code you want to have delivered by the _ Feel free to look out for examples in our existing quickstarters, such as link:https://github.com/opendevstack/ods-quickstarters/blob/master/be-java-springboot[be-java-springboot]. -== Secret scanning with gitleaks - -This repository has a pre-commit hook that runs gitleaks on every commit. -To install the hook, run: - -``` -pip install pre-commit -pre-commit -``` - -After this every commit will inform you about any secrets that are committed. - -If you want to skip this check, use the `--no-verify` flag when committing. +include::partial$secret-scanning-with-gitleaks.adoc == Builder agent used diff --git a/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc b/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc new file mode 100644 index 000000000..4d2927026 --- /dev/null +++ b/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc @@ -0,0 +1,13 @@ +== Secret scanning with gitleaks + +This repository has a pre-commit hook that runs gitleaks on every commit. +To install the hook, run: + +``` +pip install pre-commit +pre-commit +``` + +After this every commit will inform you about any secrets that are committed. + +If you want to skip this check, use the `--no-verify` flag when committing. From b88c8a7a703b8f17441e8d3485f0dbe849542853 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:25:18 +0000 Subject: [PATCH 05/25] Add hook and docs to be-gateway --- be-gateway-nginx/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-gateway-nginx.adoc | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 be-gateway-nginx/files/.pre-commit-config.yaml diff --git a/be-gateway-nginx/files/.pre-commit-config.yaml b/be-gateway-nginx/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null 
+++ b/be-gateway-nginx/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks diff --git a/docs/modules/quickstarters/pages/be-gateway-nginx.adoc b/docs/modules/quickstarters/pages/be-gateway-nginx.adoc index 92e2cd57e..4d77a6631 100644 --- a/docs/modules/quickstarters/pages/be-gateway-nginx.adoc +++ b/docs/modules/quickstarters/pages/be-gateway-nginx.adoc @@ -14,6 +14,7 @@ Use this quickstarter when you want to use https://www.nginx.org[nginx] server w │ ├── entrypoint.sh - Enables runtime configurations and runs openresty │ └── nginx.conf - The nginx configuration ├── Jenkinsfile - Contains Jenkins build configuration +├── .pre-commit-config.yaml ├── metadata.yml - Component metadata └── release-manager.yml - Configuration file for the Release Manager ---- @@ -122,6 +123,8 @@ There are two steps: * Build the container image. * Deploy. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-core/tree/master/jenkins/agent-base[jenkins-agent-base] From b7e7332feadc05d7959b60fb3e46f228e64176f7 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:25:34 +0000 Subject: [PATCH 06/25] Add hook and docs to be-golang-plain --- be-golang-plain/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-golang-plain.adoc | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 be-golang-plain/files/.pre-commit-config.yaml diff --git a/be-golang-plain/files/.pre-commit-config.yaml b/be-golang-plain/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-golang-plain/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks 
diff --git a/docs/modules/quickstarters/pages/be-golang-plain.adoc b/docs/modules/quickstarters/pages/be-golang-plain.adoc index faed333d5..aa80c40ad 100644 --- a/docs/modules/quickstarters/pages/be-golang-plain.adoc +++ b/docs/modules/quickstarters/pages/be-golang-plain.adoc @@ -9,6 +9,7 @@ suited for CLI tools, network/operational related things and microservices. ---- ├── Jenkinsfile - Contains Jenkins build configuration +├── .pre-commit-config.yaml ├── README.md ├── docker - Contains Dockerfile for the build │ └── Dockerfile @@ -56,6 +57,8 @@ There are six steps: * Build the container image. * Deploy. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses From 19dddf5780139b330549fc1fdbaa87d94e1609e1 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:26:01 +0000 Subject: [PATCH 07/25] Add hook and docs to be-java-springboot --- be-java-springboot/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-java-springboot.adoc | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 be-java-springboot/files/.pre-commit-config.yaml diff --git a/be-java-springboot/files/.pre-commit-config.yaml b/be-java-springboot/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-java-springboot/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks diff --git a/docs/modules/quickstarters/pages/be-java-springboot.adoc b/docs/modules/quickstarters/pages/be-java-springboot.adoc index 80990131e..99ffa7de0 100644 --- a/docs/modules/quickstarters/pages/be-java-springboot.adoc +++ b/docs/modules/quickstarters/pages/be-java-springboot.adoc 
@@ -134,6 +134,8 @@ comment on line `stageUploadToNexus` in `Jenkinsfile` NOTE: The 2nd step executes `gradlew build` to compile your project and create a distribution as `jar` file. This file is copied to the `docker` folder to be included in the docker image when the image is built in step 5. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses the From b80c83e30b8a3a78b61e302dcacb225e37586106 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:26:58 +0000 Subject: [PATCH 08/25] Add hook and docs to be-python-flask --- be-python-flask/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-python-flask.adoc | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 be-python-flask/files/.pre-commit-config.yaml diff --git a/be-python-flask/files/.pre-commit-config.yaml b/be-python-flask/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-python-flask/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks diff --git a/docs/modules/quickstarters/pages/be-python-flask.adoc b/docs/modules/quickstarters/pages/be-python-flask.adoc index 003463852..09a558d47 100644 --- a/docs/modules/quickstarters/pages/be-python-flask.adoc +++ b/docs/modules/quickstarters/pages/be-python-flask.adoc @@ -14,6 +14,7 @@ It contains the basic setup for Docker, Jenkins, SonarQube and OpenShift. ---- ├── Jenkinsfile - This file contains Jenkins build configuration settings +├── .pre-commit-config.yaml ├── README.md ├── docker - This folder contains Docker configuration settings │ ├── Dockerfile 
@@ -111,6 +112,8 @@ The Jenkinsfile is provisioned with this quick starter to ease CI/CD process. In * *Build* - Builds the application: copies src folder into docker/dist folder. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/python[Python] builder agent Jenkins builder agent. From c03fcf023db8cbdba432c902896c7eccf98590a8 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:27:12 +0000 Subject: [PATCH 09/25] Add hook and docs to be-scala-play --- be-scala-play/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-scala-play.adoc | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 be-scala-play/files/.pre-commit-config.yaml diff --git a/be-scala-play/files/.pre-commit-config.yaml b/be-scala-play/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-scala-play/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks diff --git a/docs/modules/quickstarters/pages/be-scala-play.adoc b/docs/modules/quickstarters/pages/be-scala-play.adoc index e0ba12cf6..f53c725cc 100644 --- a/docs/modules/quickstarters/pages/be-scala-play.adoc +++ b/docs/modules/quickstarters/pages/be-scala-play.adoc @@ -13,6 +13,7 @@ An example Play Web Application is generated with a Controller and some tests. ---- . ├── Jenkinsfile +├── .pre-commit-config.yaml ├── app │   ├── controllers │   │   └── HomeController.scala @@ -83,6 +84,8 @@ In Jenkinsfile, there are various stages * stageBuild - checks source files formatting, runs the tests and builds and copies the artifacts for creating the docker image to the `docker` directory. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses the 
From 57f641bd144418cb859e00afaa1595a90c43c07d Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:27:29 +0000 Subject: [PATCH 10/25] Add hook and docs to be-typescript-express --- be-typescript-express/files/.pre-commit-config.yaml | 5 +++++ docs/modules/quickstarters/pages/be-typescript-express.adoc | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 be-typescript-express/files/.pre-commit-config.yaml diff --git a/be-typescript-express/files/.pre-commit-config.yaml b/be-typescript-express/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-typescript-express/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks diff --git a/docs/modules/quickstarters/pages/be-typescript-express.adoc b/docs/modules/quickstarters/pages/be-typescript-express.adoc index 256da696b..3c438a5c9 100644 --- a/docs/modules/quickstarters/pages/be-typescript-express.adoc +++ b/docs/modules/quickstarters/pages/be-typescript-express.adoc @@ -12,6 +12,7 @@ The package json is generated by simply using `npm init -y`, while the tsconfig ---- ├── Jenkinsfile - Contains Jenkins build configuration +├── .pre-commit-config.yaml ├── LICENSE ├── README.md ├── docker - Contains Dockerfile for the build @@ -86,6 +87,8 @@ The build pipeline is defined in the `Jenkinsfile` in the project root. The main . Build : `npm run build` command is executed to build the application and then the build is copied to the `docker/dist` folder. . Unit Testing : `npm run test` command is executed for running unit tests and to generate coverage report. The results can be seen form the Jenkins console output. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/nodejs18[Node.JS 18 builder agent] for Jenkins. 
From 6be209780112d2dd3c414ccc30f0b55827870e76 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:28:03 +0000 Subject: [PATCH 11/25] Add hook and docs to ds-jupyter-lab --- docs/modules/quickstarters/pages/ds-jupyter-lab.adoc | 3 +++ ds-jupyter-lab/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 ds-jupyter-lab/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/ds-jupyter-lab.adoc b/docs/modules/quickstarters/pages/ds-jupyter-lab.adoc index b478965e2..1445fc65d 100644 --- a/docs/modules/quickstarters/pages/ds-jupyter-lab.adoc +++ b/docs/modules/quickstarters/pages/ds-jupyter-lab.adoc @@ -9,6 +9,7 @@ Provision a shared Jupyter Lab within OpenShift for rapid prototyping of data sc ---- . ├── Jenkinsfile +├── .pre-commit-config.yaml ├── docker │ ├── Dockerfile │ ├── jupyter_lab_config.json @@ -68,6 +69,8 @@ The build pipeline is defined in the `Jenkinsfile` in the project root. The main . Start OpenShift build . Deploy image to OpenShift +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used https://github.com/opendevstack/ods-core/tree/master/jenkins/agent-base[jenkins-agent-base] diff --git a/ds-jupyter-lab/files/.pre-commit-config.yaml b/ds-jupyter-lab/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/ds-jupyter-lab/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From b9abdc832c9c4e5f947c5238bed162703b4524db Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:28:19 +0000 Subject: [PATCH 12/25] Add hook and docs to ds-rshiny --- docs/modules/quickstarters/pages/ds-rshiny.adoc | 3 +++ ds-rshiny/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 ds-rshiny/files/.pre-commit-config.yaml 
diff --git a/docs/modules/quickstarters/pages/ds-rshiny.adoc b/docs/modules/quickstarters/pages/ds-rshiny.adoc index d33fc3377..790422b7a 100644 --- a/docs/modules/quickstarters/pages/ds-rshiny.adoc +++ b/docs/modules/quickstarters/pages/ds-rshiny.adoc @@ -9,6 +9,7 @@ Provisions a R Shiny application within OpenShift using OpenShift OAuth. ---- . ├── Jenkinsfile - This file contains Jenkins build configuration settings +├── .pre-commit-config.yaml ├── docker - This folder contains Docker configuration settings and main R Shiny app │ ├── Dockerfile │ └── app.R @@ -47,6 +48,8 @@ The build pipeline is defined in the `Jenkinsfile` in the project root. The main . Start OpenShift build . Deploy image to OpenShift +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used https://github.com/opendevstack/ods-core/tree/master/jenkins/agent-base[jenkins-agent-base] diff --git a/ds-rshiny/files/.pre-commit-config.yaml b/ds-rshiny/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/ds-rshiny/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 017009477aaa8a495ef855093cddc4ac29152a85 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:28:31 +0000 Subject: [PATCH 13/25] Add hook and docs to ds-streamlit --- docs/modules/quickstarters/pages/ds-streamlit.adoc | 3 +++ ds-streamlit/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 ds-streamlit/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/ds-streamlit.adoc b/docs/modules/quickstarters/pages/ds-streamlit.adoc index 82a89b0b6..31df7b297 100644 --- a/docs/modules/quickstarters/pages/ds-streamlit.adoc +++ b/docs/modules/quickstarters/pages/ds-streamlit.adoc 
@@ -9,6 +9,7 @@ Provisions a streamlit based dashboard with authentication. ---- . ├── Jenkinsfile +├── .pre-commit-config.yaml ├── docker_streamlit │ └── Dockerfile ├── docker_oauth @@ -95,6 +96,8 @@ In order to be sure that your code passes the linting stage execute or add it as * *Build* - Builds the application: copies src folder into docker_streamlit/dist folder. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/python[Python] builder agent Jenkins builder agent. diff --git a/ds-streamlit/files/.pre-commit-config.yaml b/ds-streamlit/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/ds-streamlit/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 5178a3ac21bcdc8566b814c3bfc5832b12a4189f Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:28:44 +0000 Subject: [PATCH 14/25] Add hook and docs to e2e-cypress --- docs/modules/quickstarters/pages/e2e-cypress.adoc | 3 +++ e2e-cypress/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 e2e-cypress/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/e2e-cypress.adoc b/docs/modules/quickstarters/pages/e2e-cypress.adoc index 587e70441..e5ea7da95 100644 --- a/docs/modules/quickstarters/pages/e2e-cypress.adoc +++ b/docs/modules/quickstarters/pages/e2e-cypress.adoc @@ -33,6 +33,7 @@ This is a Cypress end-to-end testing project quickstarter with basic setup for h ├── cypress.env.json.template ├── cypress.json ├── Jenkinsfile +├── .pre-commit-config.yaml ├── metadata.yml - Component metadata │── package.json ├── README.md 
@@ -123,6 +124,8 @@ if (context.gitBranch == 'master' || context.gitBranch.startsWith('release/')) { You can find more information about using the Cypress Cloud in the official documentation for Cypress https://docs.cypress.io/guides/cloud/introduction. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses diff --git a/e2e-cypress/files/.pre-commit-config.yaml b/e2e-cypress/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/e2e-cypress/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 3307514987bf7452dafd82f8efb94ba900a3e2af Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:29:00 +0000 Subject: [PATCH 15/25] Add hook and docs to e2e-spock-geb --- docs/modules/quickstarters/pages/e2e-spock-geb.adoc | 3 +++ e2e-spock-geb/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 e2e-spock-geb/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/e2e-spock-geb.adoc b/docs/modules/quickstarters/pages/e2e-spock-geb.adoc index 006f2ee6e..f7105d322 100644 --- a/docs/modules/quickstarters/pages/e2e-spock-geb.adoc +++ b/docs/modules/quickstarters/pages/e2e-spock-geb.adoc @@ -11,6 +11,7 @@ This is a spock, geb and unirest e2e testing project quickstarter with basic set ---- . ├── Jenkinsfile +├── .pre-commit-config.yaml ├── README.md ├── sonar-project.properties ├── src @@ -133,6 +134,8 @@ In Jenkinsfile.template, there is the following stage: All the results are stashed and published through Jenkins jUnit publisher. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses the diff --git a/e2e-spock-geb/files/.pre-commit-config.yaml b/e2e-spock-geb/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null 
+++ b/e2e-spock-geb/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From c1d137f2fbec7cd0a62c6110ef761d6bcc3d715a Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:29:12 +0000 Subject: [PATCH 16/25] Add hook and docs to fe-angular --- docs/modules/quickstarters/pages/fe-angular.adoc | 3 +++ fe-angular/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 fe-angular/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/fe-angular.adoc b/docs/modules/quickstarters/pages/fe-angular.adoc index 92761114f..afede7676 100644 --- a/docs/modules/quickstarters/pages/fe-angular.adoc +++ b/docs/modules/quickstarters/pages/fe-angular.adoc @@ -11,6 +11,7 @@ User this is a Angular project quickstarter if you want to build a frontend. It ---- . ├── Jenkinsfile - This file contains Jenkins build configuration settings +├── .pre-commit-config.yaml ├── README.md ├── angular.json - This file contains Angular project configuration settings ├── browserslist - This file is used by the build system to adjust CSS and JS output to support the specified browsers @@ -86,6 +87,8 @@ Please note: By default the applciation is always build as full production build Please note: The support for *TSLint* has been removed from this quickstarter. Also Angular is not shipping a linter by default anymore. Please consider adding *ESLint* support or a formatter like *Prettier*. For adding ESLint simply type `ng add @angular-eslint/schematics`. For setting up Prettier please see https://prettier.io/docs/en/install.html. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/nodejs18[Node.js 18 builder agent] for Jenkins. 
diff --git a/fe-angular/files/.pre-commit-config.yaml b/fe-angular/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/fe-angular/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From d36e91a67b74de2df8ceace2c4a3662b472b1244 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:29:26 +0000 Subject: [PATCH 17/25] Add hook and docs to fe-ionic --- docs/modules/quickstarters/pages/fe-ionic.adoc | 3 +++ fe-ionic/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 fe-ionic/files/.pre-commit-config.yaml diff --git a/docs/modules/quickstarters/pages/fe-ionic.adoc b/docs/modules/quickstarters/pages/fe-ionic.adoc index 7475e5254..87228738e 100644 --- a/docs/modules/quickstarters/pages/fe-ionic.adoc +++ b/docs/modules/quickstarters/pages/fe-ionic.adoc @@ -51,6 +51,7 @@ The files are generated using https://ionicframework.com/docs/cli/[Ionic CLI]. ├── capacitor.config.xml - This file contains config settings for your mobile app, like package name and native preferences ├── ionic.config.json - This file contains Ionic project configuration ├── Jenkinsfile - This file contains Jenkins build configuration settings +├── .pre-commit-config.yaml ├── karma.conf.js ├── metadata.yml - Component metadata ├── package.json - This file contains scripts to run and node packages dependencies for project 
@@ -114,6 +115,8 @@ Unit Test:: Runs unit test cases by executing `npm run test` command. If any tes Lint:: Profiler that ensures code best practices by running `npm run lint` command, if linting is not passing, the build is marked as failed also. SonarQube Analysis:: Triggers a code quality analysis by transfering code and test coverage analysis data to SonarQube. By default files like `*.spec.ts`, `*.modules.ts` and `./src/environments/**` are excluded from the analysis, since they usually don't contain application logic. Please revisit `sonar-project.properties` to configure analysis inclusions and exclusions according to your project's needs. +include::partial$secret-scanning-with-gitleaks.adoc + == Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/nodejs16[Node.js 16 builder agent] for Jenkins. diff --git a/fe-ionic/files/.pre-commit-config.yaml b/fe-ionic/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/fe-ionic/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From eaf2511d19e4169254409cf7248c129af4b0993b Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:29:43 +0000 Subject: [PATCH 18/25] Add hook and docs to inf-terraform-aws --- docs/modules/quickstarters/pages/inf-terraform-aws.adoc | 5 ++++- inf-terraform-aws/files/.pre-commit-config.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/modules/quickstarters/pages/inf-terraform-aws.adoc b/docs/modules/quickstarters/pages/inf-terraform-aws.adoc index 6b7ebf1a2..0c57fa105 100644 --- a/docs/modules/quickstarters/pages/inf-terraform-aws.adoc +++ b/docs/modules/quickstarters/pages/inf-terraform-aws.adoc 
@@ -14,6 +14,7 @@ The quickstarter includes kitchen-terraform with InSpec / cinc-auditor for testi ---- ├── Jenkinsfile - This file contains Jenkins stages. +├── .pre-commit-config.yaml ├── README.md ├── environments │ ├── dev.json - This file describes parameters for the development AWS environment. @@ -42,7 +43,9 @@ Inject preferred tags into common-tags.tf, add/remove resources needed to main.t The Jenkinsfile is provisioned with this quick starter to ease CI/CD process. In Jenkinsfile, there are various stages. -== Jenkins agent used +include::partial$secret-scanning-with-gitleaks.adoc + +== Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/terraform[terraform] Jenkins agent. diff --git a/inf-terraform-aws/files/.pre-commit-config.yaml b/inf-terraform-aws/files/.pre-commit-config.yaml index aee89823b..921ce09aa 100644 --- a/inf-terraform-aws/files/.pre-commit-config.yaml +++ b/inf-terraform-aws/files/.pre-commit-config.yaml @@ -2,6 +2,10 @@ exclude: '.terraform' fail_fast: true repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks - repo: https://github.com/pre-commit/pre-commit-hooks.git rev: v4.4.0 hooks: @@ -80,4 +84,3 @@ repos: files: (\.tf|\.rb)$ pass_filenames: false verbose: true - From 105e72098e2d58e7fed8596532d1dcf6bc6fcf9f Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:29:55 +0000 Subject: [PATCH 19/25] Add hook and docs to inf-terraform-azure --- docs/modules/quickstarters/pages/inf-terraform-azure.adoc | 5 ++++- inf-terraform-azure/files/.pre-commit-config.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/modules/quickstarters/pages/inf-terraform-azure.adoc b/docs/modules/quickstarters/pages/inf-terraform-azure.adoc index 8f750a279..ffb874de5 100644 --- a/docs/modules/quickstarters/pages/inf-terraform-azure.adoc 
+++ b/docs/modules/quickstarters/pages/inf-terraform-azure.adoc @@ -14,6 +14,7 @@ The quickstarter includes kitchen-terraform with Chef InSpec / cinc-auditor for ---- ├── Jenkinsfile - This file contains Jenkins stages. +├── .pre-commit-config.yaml ├── README.md ├── environments │ ├── dev.tfbackend.config - This file describes terraform backend parameters in the dev Azure subscription. @@ -48,7 +49,9 @@ Inject preferred tags into common-tags.tf, add/remove resources needed to main.t The Jenkinsfile is provisioned with this quickstarter to ease CI/CD process. In Jenkinsfile, there are various stages. -== Jenkins agent used +include::partial$secret-scanning-with-gitleaks.adoc + +== Builder agent used This quickstarter uses https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents/terraform[terraform] Jenkins agent. diff --git a/inf-terraform-azure/files/.pre-commit-config.yaml b/inf-terraform-azure/files/.pre-commit-config.yaml index 0f0f8dd26..248faf615 100644 --- a/inf-terraform-azure/files/.pre-commit-config.yaml +++ b/inf-terraform-azure/files/.pre-commit-config.yaml @@ -1,6 +1,10 @@ exclude: .terraform fail_fast: true repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks - repo: https://github.com/pre-commit/pre-commit-hooks.git rev: v4.4.0 hooks: @@ -77,4 +81,3 @@ repos: files: (\.tf|\.rb)$ pass_filenames: false verbose: true - From aeba291525b558cd89a4697f318c897bdb3647a5 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:30:19 +0000 Subject: [PATCH 20/25] Add hook and docs to release-manager --- docs/modules/quickstarters/pages/release-manager.adoc | 3 +++ release-manager/files/.pre-commit-config.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 release-manager/files/.pre-commit-config.yaml 
diff --git a/docs/modules/quickstarters/pages/release-manager.adoc b/docs/modules/quickstarters/pages/release-manager.adoc index 62f0f0dbe..140e2dadd 100644 --- a/docs/modules/quickstarters/pages/release-manager.adoc +++ b/docs/modules/quickstarters/pages/release-manager.adoc @@ -8,6 +8,7 @@ The release manager supports the orchestration of multiple repositories into a l . ├── docs # Fall-back document chapter templates for (LeVA) compliance reports. ├── Jenkinsfile # The release manager pipeline. +├── .pre-commit-config.yaml ├── README.md └── metadata.yml # Configuration of the release manager pipeline and its repositories. ---- @@ -133,3 +134,5 @@ In this case, the release manager will fall back to the document chapter templat === Automated Cloning of Environments If you want your _target environment_ to be created from an existing _source environment_ such as `dev` or `test` on the fly, you need to provide the `environment` and `sourceEnvironmentToClone` parameters to your pipeline, respectively. Their values will be combined with your project ID in the form `${project-id}-${environment}` to create the project (namespace) name in your OpenShift cluster. + +include::partial$secret-scanning-with-gitleaks.adoc diff --git a/release-manager/files/.pre-commit-config.yaml b/release-manager/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/release-manager/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 72be6f322ebfccb6a45ff51bf5138cba829f83fe Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:31:04 +0000 Subject: [PATCH 21/25] update docker-plain docs --- docs/modules/quickstarters/pages/docker-plain.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/modules/quickstarters/pages/docker-plain.adoc b/docs/modules/quickstarters/pages/docker-plain.adoc index 64d113d2c..6360ec65b 100644 --- a/docs/modules/quickstarters/pages/docker-plain.adoc +++ b/docs/modules/quickstarters/pages/docker-plain.adoc @@ -10,8 +10,8 @@ or that you need to "OpenShiftify", by setting an (non-root) execution user, etc ---- ├── Jenkinsfile - Contains Jenkins build configuration -├── README.md ├── .pre-commit-config.yaml +├── README.md ├── docker - Contains Dockerfile for the build │ └── Dockerfile ├── metadata.yml - Component metadata From 20f66ffd9a5019cfaf6f7720febb4e31d3433937 Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:31:22 +0000 Subject: [PATCH 22/25] Add hook to saas-documentation --- saas-documentation/files/.pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 saas-documentation/files/.pre-commit-config.yaml diff --git a/saas-documentation/files/.pre-commit-config.yaml b/saas-documentation/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/saas-documentation/files/.pre-commit-config.yaml @@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From dd918a1acaaa44d14a7be613eb359489b5bdd9da Mon Sep 17 00:00:00 2001 From: "Martin (serverhorror) Marcher" Date: Wed, 25 Oct 2023 10:32:08 +0000 Subject: [PATCH 23/25] Add hook to be-fe-mono-repo-plain --- be-fe-mono-repo-plain/files/.pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 be-fe-mono-repo-plain/files/.pre-commit-config.yaml diff --git a/be-fe-mono-repo-plain/files/.pre-commit-config.yaml b/be-fe-mono-repo-plain/files/.pre-commit-config.yaml new file mode 100644 index 000000000..c9528f476 --- /dev/null +++ b/be-fe-mono-repo-plain/files/.pre-commit-config.yaml 
@@ -0,0 +1,5 @@ +repos: + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.1 + hooks: + - id: gitleaks From 7ec1ca7759dcdce4181887417373c1b8b05ef6bd Mon Sep 17 00:00:00 2001 From: serverhorror <36151+serverhorror@users.noreply.github.com> Date: Mon, 30 Oct 2023 15:32:26 +0100 Subject: [PATCH 24/25] Update docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc Co-authored-by: Christian Schweikert <43915417+cschweikert@users.noreply.github.com> --- .../quickstarters/partials/secret-scanning-with-gitleaks.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc b/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc index 4d2927026..1a19f4244 100644 --- a/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc +++ b/docs/modules/quickstarters/partials/secret-scanning-with-gitleaks.adoc @@ -1,7 +1,7 @@ == Secret scanning with gitleaks This repository has a pre-commit hook that runs gitleaks on every commit. -To install the hook, run: +To https://pre-commit.com/#install[install the hook], run: ``` pip install pre-commit From 4d4bc2212a3815c5e8b81626d99478eb3c3433b7 Mon Sep 17 00:00:00 2001 From: serverhorror <36151+serverhorror@users.noreply.github.com> Date: Mon, 30 Oct 2023 15:32:42 +0100 Subject: [PATCH 25/25] Update CHANGELOG.md Co-authored-by: Christian Schweikert <43915417+cschweikert@users.noreply.github.com> --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ef45a310..ce6b665fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Changelog ### Added -- Added scret scanning in docker plain ([#963](https://github.com/opendevstack/ods-quickstarters/pull/963)) +- Added secret scanning in docker plain ([#963](https://github.com/opendevstack/ods-quickstarters/pull/963)) ### Modified