about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ci/pipelines/briefcase.nix19
-rw-r--r--ci/secret-patterns.txt9
2 files changed, 10 insertions, 18 deletions
diff --git a/ci/pipelines/briefcase.nix b/ci/pipelines/briefcase.nix
index 03ede2b9c72a..b01e9f93cb9f 100644
--- a/ci/pipelines/briefcase.nix
+++ b/ci/pipelines/briefcase.nix
@@ -3,24 +3,7 @@
 let
   pipeline.steps = [
     {
-      command = let
-        # Regexes to detect sensitive information
-        patterns = pkgs.writeText "secrets.txt" ''
-          (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
-          ("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
-          ("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
-          AIza[0-9A-Za-z_-]{35}
-          [0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
-          (^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{43}
-          (^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{64}
-          ya29\.[0-9A-Za-z_-]+
-          (sk|pk)_(test|live)_[a-zA-Z0-9]{99}
-        '';
-      in ''
-        cat .git/config
-        ${pkgs.git-secrets}/bin/git-secrets --add-provider -- cat ${patterns}
-        ${pkgs.git-secrets}/bin/git-secrets --scan-history
-      '';
+      command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";
       label = ":broom: lint";
     }
     {
diff --git a/ci/secret-patterns.txt b/ci/secret-patterns.txt
new file mode 100644
index 000000000000..cbf58a1e744b
--- /dev/null
+++ b/ci/secret-patterns.txt
@@ -0,0 +1,9 @@
+(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
+("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
+("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
+AIza[0-9A-Za-z_-]{35}
+[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{43}
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{64}
+ya29\.[0-9A-Za-z_-]+
+(sk|pk)_(test|live)_[a-zA-Z0-9]{99}