Skip to content

Commit

Permalink
github action
Browse files Browse the repository at this point in the history
  • Loading branch information
SanderGi authored and devxpy committed Aug 12, 2024
1 parent d77e4e6 commit ec84087
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 1 deletion.
15 changes: 15 additions & 0 deletions .github/workflows/gitleaks.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: gitleaks
on: [pull_request, push, workflow_dispatch]
jobs:
scan:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
GITLEAKS_NOTIFY_USER_LIST: '@sandergi'
21 changes: 21 additions & 0 deletions .gitleaksignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
4749e3ef005e8ddc6562d1bd82a00e752a7e94e3:explore.py:aws-access-token:16
4749e3ef005e8ddc6562d1bd82a00e752a7e94e3:explore.py:private-key:23
4749e3ef005e8ddc6562d1bd82a00e752a7e94e3:explore.py:generic-api-key:32
b0c80dac8e22faafa319d5466947df8723dfaa4a:daras_ai_v2/img_model_settings_widgets.py:generic-api-key:372
8670036e722f40530dbff3e0e7573e9b5aac85c9:routers/slack.py:slack-webhook-url:73
b6ad1fc0168832711adcff07287907660f3305fb:bots/location.py:generic-api-key:12
8c05ec8320a866304842fb5f4df76e0698f1031f:bots/analysis.py:generic-api-key:5
1c03d569dd30bb9703e4ff968a57a05eb405e398:bots/signals.py:generic-api-key:11
5e3dd6cf0da20b3e5b1daaca41ad126bc489fbf3:static/js/auth.js:generic-api-key:2
87e443addbbc49746ab3088307a59b3e2fc2d177:recipes/CompareText2Img.py:generic-api-key:97
1f109a743b1781c7a21c1b0ca6a3f880f7f7dc84:recipes/CompareText2Img.py:generic-api-key:77
d18d8b9bb18a9ff8248b16b26f0455f7826ce23a:recipes/CompareText2Img.py:generic-api-key:85
5471a8ac2d60026b24f21b51ae6f11db8acd160c:pages/CompareText2Img.py:generic-api-key:92
5471a8ac2d60026b24f21b51ae6f11db8acd160c:daras_ai_v2/img_model_settings_widgets.py:generic-api-key:90
6fca6072032e4f34d7d571e7de8e0ff05f7a487b:static/js/auth.js:generic-api-key:2
2292469b22d97263c7c59cf49fae7281ce96a39c:pages/CompareText2Img.py:generic-api-key:137
aae9d67ed6330a3eb2ede41d5ceeca52a8f0daf4:static/js/auth.js:gcp-api-key:2
d5866242d107743ab5eebeb284e7e5ee2426d941:pages/SocialLookupEmail.py:generic-api-key:181
73bef8c3be7682fed0b99ceb6770f599eabbbd08:daras_ai_v2/send_email.py:generic-api-key:25
fa3f7982fa1527838c2073d2542c83887cc6ebbd:pages/EmailFaceInpainting.py:generic-api-key:189
e1c218882d288ca1df0225654aae8dd10027e9d0:political_example.py:jwt:30
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -211,4 +211,6 @@ Use black - https://pypi.org/project/black

### 💣 Secret Scanning

Gitleaks will automatically run pre-commit (see `pre-commit-config.yaml` for details) to prevent commits with secrets in the first place. To test this without committing, run `pre-commit` from the terminal. To skip this check for false positives, use `SKIP=gitleaks git commit -m "message"` to commit changes.
Gitleaks will automatically run pre-commit (see `pre-commit-config.yaml` for details) to prevent commits with secrets in the first place. To test this without committing, run `pre-commit` from the terminal. To skip this check, use `SKIP=gitleaks git commit -m "message"` to commit changes. Preferably, label false positives with the `#gitleaks:allow` comment instead of skipping the check.

Gitleaks will also run in the CI pipeline as a GitHub action on push and pull request (can also be manually triggered in the actions tab on GitHub). To update the baseline of ignored secrets, run `python ./scripts/create_gitleaks_baseline.py` from the venv and commit the changes to `.gitleaksignore`.
18 changes: 18 additions & 0 deletions scripts/create_gitleaks_baseline.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/usr/bin/env python3

import subprocess
import json

# create a baseline file
subprocess.run(
["gitleaks", "detect", "--report-path", "gitleaks-baseline.json"],
)

# parse the baseline file
with open("gitleaks-baseline.json") as f:
baseline = json.load(f)

# output list of "Fingerprint"s to .gitleaksignore
with open(".gitleaksignore", "w") as f:
for leak in baseline:
f.write(leak["Fingerprint"] + "\n")

0 comments on commit ec84087

Please sign in to comment.