chore: add git secrets scan (#508)

carvantes · web-flow · commit 2bf9edc69a40 · 2021-11-04T10:38:15.000-07:00
diff --git a/.gitallowed b/.gitallowed
@@ -0,0 +1,2 @@
+# This file matches because of "βrazil nut" (It's silly that git secrets also scans this file, so we cannot write βrazil with a regular "B")
+javaHapiValidatorLambda/src/test/resources/testImplementationGuides-r4/us-core/ValueSet-us-core-allergy-substance.json
diff --git a/.github/workflows/build-and-validate.yaml b/.github/workflows/build-and-validate.yaml
@@ -33,3 +33,23 @@ jobs:
           yarn release
           cd ..
           yarn release
+
+  scan-for-secrets:
+    name: Scan for secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Git Secrets
+        run: |
+          cd ~
+          git clone https://github.com/awslabs/git-secrets.git && cd git-secrets
+          sudo make install
+          git secrets --register-aws --global
+          git secrets --add '[aA]pollo|[bB]razil|[cC]oral|[oO]din' --global
+          git secrets --add 'tt\.amazon\.com|t\.corp\.amazon\.com|issues\.amazon\.com|sim\.amazon\.com|cr\.amazon\.com' --global
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Run Git Secrets
+        run: git secrets --scan
+      - name: Print remediation message
+        if: failure()
+        run: echo "git secrets found potential leaked credentials. If ANY credentials were committed, they MUST be immediately revoked."

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# This file matches because of "βrazil nut" (It's silly that git secrets also scans this file, so we cannot write βrazil with a regular "B")`
	`2`	`+javaHapiValidatorLambda/src/test/resources/testImplementationGuides-r4/us-core/ValueSet-us-core-allergy-substance.json`