Diffstat (limited to 'users/wpcarro/ci')
-rw-r--r-- | users/wpcarro/ci/pipelines/post-receive.nix | 14 | ||||
-rw-r--r-- | users/wpcarro/ci/secret-patterns.txt | 9 |
2 files changed, 23 insertions, 0 deletions
diff --git a/users/wpcarro/ci/pipelines/post-receive.nix b/users/wpcarro/ci/pipelines/post-receive.nix
new file mode 100644
index 000000000000..09b8990e13e2
--- /dev/null
+++ b/users/wpcarro/ci/pipelines/post-receive.nix
@@ -0,0 +1,14 @@
+{ pkgs, depot, ... }:
+
+let
+ inherit (builtins) path toJSON;
+
+ pipeline.steps = [
+ {
+ key = "lint-secrets";
+ command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";
+ label = ":broom: lint secrets";
+ }
+ ];
+in
+pkgs.writeText "pipeline.yaml" (toJSON pipeline)
diff --git a/users/wpcarro/ci/secret-patterns.txt b/users/wpcarro/ci/secret-patterns.txt
new file mode 100644
index 000000000000..cbf58a1e744b
--- /dev/null
+++ b/users/wpcarro/ci/secret-patterns.txt
@@ -0,0 +1,9 @@
+(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
+("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
+("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
+AIza[0-9A-Za-z_-]{35}
+[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{43}
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{64}
+ya29\.[0-9A-Za-z_-]+
+(sk|pk)_(test|live)_[a-zA-Z0-9]{99} |
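Review bot: The `lint-secrets` step runs `git-secrets --scan-history` without registering any patterns, and nothing in this diff references `secret-patterns.txt`. On a checkout whose git config has no `secrets.patterns` or `secrets.providers` entries, the scan therefore appears to have nothing to match, and the step would pass whatever the history contains. The unused `path` in `inherit (builtins) path toJSON;` (and the unused `depot` argument) suggests the wiring was intended. One way to do it is to register the file as a provider in the same command: `command = "${pkgs.git-secrets}/bin/git-secrets --add-provider -- cat ${../secret-patterns.txt} && ${pkgs.git-secrets}/bin/git-secrets --scan-history";`. If the build agent reuses its checkout, guard the registration so the provider is not appended to the git config on every build.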
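Review bot: The last pattern, `(sk|pk)_(test|live)_[a-zA-Z0-9]{99}`, needs at least 99 alphanumerics after the prefix, so a key in the same `sk_live_…` shape with a shorter body is not flagged. If these are meant to catch Stripe-style keys, whose body length has varied, a lower bound such as `(sk|pk)_(test|live)_[a-zA-Z0-9]{24,}` is the safer form. The list also has no entry for PEM private keys; a pattern like `BEGIN [A-Z ]*PRIVATE KEY` would cover them if the repository could ever hold one.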