diff --git a/.github/workflows/validate_terraform.yml b/.github/workflows/validate_terraform.yml index a57a289..0fdefd4 100644 --- a/.github/workflows/validate_terraform.yml +++ b/.github/workflows/validate_terraform.yml @@ -25,6 +25,9 @@ jobs: - name: Install pre-commit run: pip install pre-commit + - + name: Upgrade hooks + run: pre-commit autoupdate - name: Run pre-commit command run: pre-commit run -a @@ -37,12 +40,3 @@ jobs: - name: terraform fmt check # perform format checks run: terraform fmt -list=true -write=false -check -recursive - - - uses: 8398a7/action-slack@v2 - with: - status: ${{ job.status }} - author_name: Integration Test # default: 8398a7@action-slack - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # optional - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required - if: always() # Pick up events even if the job fails or is canceled. diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 89fca54..007d091 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
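Review bot: The added `pre-commit autoupdate` step (first hunk, just before `Run pre-commit command`) makes CI rewrite every `rev` in `.pre-commit-config.yaml` to the newest upstream tag at run time, so the hooks that execute are not the versions reviewed and committed in this repository. A compromised or simply broken upstream release would then run inside the workflow without any change landing here, and runs stop being reproducible. I would drop the step and keep bumping `rev` through reviewed commits, as this change already does in the config file. If automatic bumps are wanted, run `pre-commit autoupdate --freeze` in a separate job that opens a pull request, so revisions are pinned to commit hashes and still get reviewed. The rest of the job lies outside the hunk, so which credentials the runner holds at that point is not visible here.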
@@ -6,12 +6,26 @@ default_stages: [commit] # Terraform Validate : Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.45.0 + rev: v1.52.0 hooks: - id: terraform_fmt - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 + rev: v4.0.1 hooks: - id: check-merge-conflict - id: trailing-whitespace - id: detect-private-key +- repo: https://github.com/ibm/detect-secrets + # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha. + # You are encouraged to use static refs such as tags, instead of branch name + # + # Running "pre-commit autoupdate" would automatically updates rev to latest tag + rev: 0.13.1+ibm.46.dss + hooks: + - id: detect-secrets # pragma: whitelist secret + # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options. + # You may also run `pre-commit run detect-secrets` to preview the scan result. + # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file + # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins + # add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets + args: [--baseline, .secrets.baseline, --use-all-plugins ] diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000..0262f0f --- /dev/null +++ b/.secrets.baseline 
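Review bot: The two repos whose `rev` is bumped here are still fetched over `git://github.com/...`, an unauthenticated and unencrypted transport, so the hook code that runs on developer machines and in CI has no integrity protection in transit. Use `https://github.com/antonbabenko/pre-commit-terraform` and `https://github.com/pre-commit/pre-commit-hooks`, as the new detect-secrets entry already does. Separately, the detect-secrets `args` omit `--fail-on-non-audited`, which the comment above them describes; without it, potential secrets that are recorded in `.secrets.baseline` but never audited would presumably not fail the hook. The comment that mentions replacing `master` no longer matches the tag in `rev` and could be trimmed.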
@@ -0,0 +1,85 @@ +{ + "exclude": { + "files": "^.secrets.baseline$", + "lines": null + }, + "generated_at": "2021-10-12T12:36:29Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": {}, + "version": "0.13.1+ibm.46.dss", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/README.md b/README.md index 9a6b08a..f582b8a 100644 --- a/README.md +++ b/README.md 
@@ -119,16 +119,45 @@ Be sure you have the compiled plugins on $HOME/.terraform.d/plugins/ ### Pre-commit Hooks Run the following command to execute the pre-commit hooks defined in .pre-commit-config.yaml file - +``` pre-commit run -a +``` We can install pre-coomit tool using +``` pip install pre-commit or pip3 install pre-commit +``` + +### Detect Secret Hook + +Used to detect secrets within a code base. + +To create a secret baseline file run following command + +``` +detect-secrets scan --update .secrets.baseline +``` + +While running the pre-commit hook, if you encounter an error like + +``` +WARNING: You are running an outdated version of detect-secrets. +Your version: 0.13.1+ibm.27.dss +Latest version: 0.13.1+ibm.46.dss +See upgrade guide at https://ibm.biz/detect-secrets-how-to-upgrade +``` + +run below command + +``` +pre-commit autoupdate +``` +which upgrades all the pre-commit hooks present in .pre-commit.yaml file. ## How to input varaible values through a file diff --git a/test/cluster_e2e_test.go b/test/cluster_e2e_test.go index a92414e..d3cea46 100644 --- a/test/cluster_e2e_test.go +++ b/test/cluster_e2e_test.go @@ -27,6 +27,7 @@ func TestAccIBMClusterE2E(t *testing.T) { "flavor": "b3c.16x64", "worker_pool_name": "workerPoolDemo", "region": "us-south", + "private_vlan_id": "2988890", }, })
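Review bot: `"private_vlan_id": "2988890"` hard-codes what looks like an account-specific VLAN identifier into the committed test variables, which ties the test to one environment and publishes an internal resource id alongside the code. Reading it from the environment keeps the value out of the repository, e.g. `"private_vlan_id": os.Getenv("PRIVATE_VLAN_ID"),` (variable name constructed for illustration; `os` would need importing if the file does not already), with the test skipped when it is unset. `TestAccIBMClusterE2E` starts and ends outside this hunk, so whether the other values in the map are supplied the same way is not visible.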