Update gitleaks configuration in mega-linter

- Make `gitleaks` only check the current PR - Add comments in `test_*.py` to make `gitleaks` ignore the test user data Signed-off-by: Joe Block <[email protected]>
unixorn · Jan 1, 2024 · f8b717a · f8b717a
1 parent 339de21
commit f8b717a
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 56 deletions.
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -51,10 +51,12 @@ jobs:
       - name: Lint Code Base
         uses: oxsecurity/megalinter/flavors/python@v7
         env:
+          DOCKERFILE_HADOLINT_DISABLE_ERRORS: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PAT: ${{secrets.PAT}}
+          REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: true
           REPOSITORY_TRIVY_DISABLE_ERRORS: true
-          DOCKERFILE_HADOLINT_DISABLE_ERRORS: true
+          VALIDATE_ALL_CODEBASE: false
 
       # Upload Mega-Linter artifacts.
       # They will be available on Github action page "Artifacts" section

diff --git a/poetry.lock b/poetry.lock
diff --git a/tests/test_discoverable.py b/tests/test_discoverable.py
@@ -37,7 +37,7 @@
 def discoverable() -> Discoverable[EntityInfo]:
     mqtt_settings = Settings.MQTT(
         host="localhost", username="admin", password="password"
-    )
+    )  # gitleaks:allow
     sensor_info = EntityInfo(name="test", component="binary_sensor")
     settings = Settings(mqtt=mqtt_settings, entity=sensor_info)
     return Discoverable[EntityInfo](settings)
@@ -48,7 +48,7 @@ def discoverable_availability() -> Discoverable[EntityInfo]:
     """Return an instance of Discoverable configured with `manual_availability`"""
     mqtt_settings = Settings.MQTT(
         host="localhost", username="admin", password="password"
-    )
+    )  # gitleaks:allow
     sensor_info = EntityInfo(name="test", component="binary_sensor")
     settings = Settings(
         mqtt=mqtt_settings, entity=sensor_info, manual_availability=True
@@ -206,7 +206,7 @@ def test_device_with_unique_id():
 def test_name_with_space():
     mqtt_settings = Settings.MQTT(
         host="localhost", username="admin", password="password"
-    )
+    )  # gitleaks:allow
     sensor_info = EntityInfo(name="Name with space", component="binary_sensor")
     settings = Settings(mqtt=mqtt_settings, entity=sensor_info)
     d = Discoverable[EntityInfo](settings)
@@ -216,7 +216,7 @@ def test_name_with_space():
 def test_custom_object_id():
     mqtt_settings = Settings.MQTT(
         host="localhost", username="admin", password="password"
-    )
+    )  # gitleaks:allow
     sensor_info = EntityInfo(
         name="Test name", component="binary_sensor", object_id="custom object id"
     )
@@ -303,7 +303,7 @@ def test_disconnect_client(mocker: MockerFixture):
     mock_instance.connect.return_value = MQTT_ERR_SUCCESS
     mqtt_settings = Settings.MQTT(
         host="localhost", username="admin", password="password"
-    )
+    )  # gitleaks:allow
     sensor_info = EntityInfo(name="test", component="binary_sensor")
     settings = Settings(mqtt=mqtt_settings, entity=sensor_info)