diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..ebf0b49
--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,211 @@ +{ + "exclude": { + "files": "^.secrets.baseline$", + "lines": null + }, + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": { + "Casks/g/galasactl.rb": [ + { + "hashed_secret": "83284a5406883b67766b7e94d345f9409942d84a", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e69e8ff55c406ec90a7f38843b96497c07069e44", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.33.0.rb": [ + { + "hashed_secret": "bb1bfaa5682b608179d35c219b2727d09b4ca4ea", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "0639df56ffc1bb86d8fce8e579a147203b62b804", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.34.0.rb": [ + { 
+ "hashed_secret": "c1ad569592ebca9f749c7b28775f62e8711b8cbf", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "e6f334ca38a65ff8e24412141019e835e2e7907a", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.34.1.rb": [ + { + "hashed_secret": "aacb017e1e456863d366c0f5e3995b00692d3d32", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "efc35e0c31d1c41304b2707db78e518f1130bbc4", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.35.0.rb": [ + { + "hashed_secret": "8925b8501ad17d10e2603a43947c312b8f9f1ecc", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "b1f341eeec92753e61fc917fc94ac540e160bb9b", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.36.0.rb": [ + { + "hashed_secret": "5205f4320207b08a0e307bb971f8337180d6edcf", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "8906b45a0afff04142bb4e9eddc71e5d281faa5c", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "Casks/g/galasactl@0.37.0.rb": [ + { + "hashed_secret": "83284a5406883b67766b7e94d345f9409942d84a", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": 
"e69e8ff55c406ec90a7f38843b96497c07069e44", + "is_secret": false, + "is_verified": false, + "line_number": 7, + "type": "Hex High Entropy String", + "verified_result": null + } + ] + }, + "version": "0.13.1+ibm.62.dss", + "word_list": { + "file": null, + "hash": null + } +}
diff --git a/build-locally.sh b/build-locally.sh
new file mode 100755
index 0000000..b2736d7
--- /dev/null
+++ b/build-locally.sh
@@ -0,0 +1,142 @@
+#! /usr/bin/env bash
+
+#
+# Copyright contributors to the Galasa project
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+#-----------------------------------------------------------------------------------------
+#
+# Objectives: Build this repository code locally.
+#
+#-----------------------------------------------------------------------------------------
+
+# Where is this script executing from ?
+BASEDIR=$(dirname "$0");pushd $BASEDIR 2>&1 >> /dev/null ;BASEDIR=$(pwd);popd 2>&1 >> /dev/null
+# echo "Running from directory ${BASEDIR}"
+export ORIGINAL_DIR=$(pwd)
+# cd "${BASEDIR}"
+
+cd "${BASEDIR}/.."
+WORKSPACE_DIR=$(pwd)
+cd $BASEDIR
+
+
+#-----------------------------------------------------------------------------------------
+#
+# Set Colors
+#
+#-----------------------------------------------------------------------------------------
+bold=$(tput bold)
+underline=$(tput sgr 0 1)
+reset=$(tput sgr0)
+red=$(tput setaf 1)
+green=$(tput setaf 76)
+white=$(tput setaf 7)
+tan=$(tput setaf 202)
+blue=$(tput setaf 25)
+
+#-----------------------------------------------------------------------------------------
+#
+# Headers and Logging
+#
+#-----------------------------------------------------------------------------------------
+underline() { printf "${underline}${bold}%s${reset}\n" "$@" ;}
+h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@" ;}
+h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@" ;}
+debug() { printf "${white}%s${reset}\n" "$@" ;}
+info() { printf "${white}➜ %s${reset}\n" "$@" ;}
+success() { printf "${green}✔ %s${reset}\n" "$@" ;}
+error() { printf "${red}✖ %s${reset}\n" "$@" ;}
+warn() { printf "${tan}➜ %s${reset}\n" "$@" ;}
+bold() { printf "${bold}%s${reset}\n" "$@" ;}
+note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@" ;}
+
+#-----------------------------------------------------------------------------------------
+# Functions
+#-----------------------------------------------------------------------------------------
+function usage {
+ info "Syntax: build-locally.sh [OPTIONS]"
+ cat << EOF
+Options are:
+-h | --help - See this help.
+
+Environment variables
+None
+EOF
+}
+
+function check_exit_code () {
+ # This function takes 2 parameters in the form:
+ # $1 an integer value of the returned exit code
+ # $2 an error message to display if $1 is not equal to 0
+ if [[ "$1" != "0" ]]; then
+ error "$2"
+ exit 1
+ fi
+}
+
+function check_secrets {
+ h2 "updating secrets baseline"
+ cd ${BASEDIR}
+ detect-secrets scan --update .secrets.baseline
+ rc=$?
+ check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
+ success "updated secrets file"
+
+ h2 "running audit for secrets"
+ detect-secrets audit .secrets.baseline
+ rc=$?
+ check_exit_code $rc "Failed to audit detect-secrets."
+
+ #Check all secrets have been audited
+ secrets=$(grep -c hashed_secret .secrets.baseline)
+ audits=$(grep -c is_secret .secrets.baseline)
+ if [[ "$secrets" != "$audits" ]]; then
+ error "Not all secrets found have been audited"
+ exit 1
+ fi
+ success "secrets audit complete"
+
+ h2 "Removing the timestamp from the secrets baseline file so it doesn't always cause a git change."
+ mkdir -p temp
+ rc=$?
+ check_exit_code $rc "Failed to create a temporary folder"
+ cat .secrets.baseline | grep -v "generated_at" > temp/.secrets.baseline.temp
+ rc=$?
+ check_exit_code $rc "Failed to create a temporary file with no timestamp inside"
+ mv temp/.secrets.baseline.temp .secrets.baseline
+ rc=$?
+ check_exit_code $rc "Failed to overwrite the secrets baseline with one containing no timestamp inside."
+ success "secrets baseline timestamp content has been removed ok"
+}
+
+#-----------------------------------------------------------------------------------------
+# Process parameters
+#-----------------------------------------------------------------------------------------
+build_type=""
+
+gpg_passphrase=""
+
+while [ "$1" != "" ]; do
+ case $1 in
+ -h | --help ) usage
+ exit
+ ;;
+ * ) error "Unexpected argument $1"
+ usage
+ exit 1
+ esac
+ shift
+done
+
+
+#-----------------------------------------------------------------------------------------
+# Main logic.
+#-----------------------------------------------------------------------------------------
+
+source_dir="."
+
+check_secrets
+
+success "Project ${project} built - OK - log is at ${log_file}"
\ No newline at end of file
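Review bot: The audit gate in check_secrets only shows that every finding carries an `is_secret` label, not that none was labelled a real secret: the two `grep -c` counts match just as well when an entry reads `"is_secret": true`, so the script would still print "secrets audit complete". Assuming the tool leaves `is_secret` off unaudited entries (as the count comparison implies), an explicit check after it closes the gap, e.g. `if grep -q '"is_secret": true' .secrets.baseline; then error "Baseline contains a confirmed secret"; exit 1; fi`. `cd ${BASEDIR}` in the same function is unquoted and its status is not checked, so a failed cd would let the scan and the later `mv` act on the caller's directory; `cd "${BASEDIR}" || exit 1` avoids that. The closing success line expands `${project}` and `${log_file}`, which are never assigned in this file, and `gpg_passphrase`, `build_type` and `source_dir` are set but unused.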