Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update gitleaks configuration & dependencies #165

Merged
merged 6 commits into from
Jan 1, 2024
Merged

Update gitleaks configuration & dependencies #165

merged 6 commits into from
Jan 1, 2024

Conversation

unixorn
Copy link
Owner

@unixorn unixorn commented Jan 1, 2024
edited
Loading

Description

  • Bump poetry hook version
  • Make gitleaks mega-linter check only look at files in the PR
  • Demote actionlint errors to warnings - it's choking on the megalint configuration that was based on the tool's example GitHub action
  • Demote gitleaks errors to warnings so it stops whining about test user data in tests/test*py. This started when the checkout action was promoted to @v4.
  • Update python dependencies
  • yamllint complains about the mega-linter configuration file even though it's working. Demote its errors to warnings.

License Acceptance

  • This repository is Apache version 2.0 licensed and by making this PR, I am contributing my changes to the repository under the terms of the Apache 2 license.

Type of changes

  • Add/update a helper script
  • Add/update link to an external resource like a blog post or video
  • Bug fix
  • New feature
  • Test updates
  • Text cleanups/updates

Checklist

  • I have read the CONTRIBUTING document.
  • All new and existing tests pass.
  • Any scripts added use #!/usr/bin/env interpreter instead of potentially platform-specific direct paths (#!/bin/sh is an allowed exception)
  • Scripts added/updated in this PR are all marked executable.
  • Scripts added/updated in this PR do not have a language file extension unless they are meant to be sourced and not run standalone. No one should have to know if a script was written in bash, python, ruby or whatever. Not including file extensions makes it easier to rewrite the script in another language later without having to change every reference to the previous version.
  • I have confirmed that any links added or updated in my PR are valid.

@unixorn
Copy link
Owner Author

unixorn commented Jan 1, 2024
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
⚠️ ACTION actionlint 1 1 0.8s
✅ COPYPASTE jscpd yes no 1.8s
✅ EDITORCONFIG editorconfig-checker 4 0 0.01s
✅ PYTHON black 1 0 0.58s
✅ PYTHON flake8 1 0 1.37s
⚠️ PYTHON isort 1 2 0.19s
✅ PYTHON pylint 1 0 8.92s
✅ PYTHON ruff 1 0 0.01s
✅ REPOSITORY gitleaks yes no 0.05s
✅ REPOSITORY git_diff yes no 0.01s
✅ REPOSITORY grype yes no 10.45s
✅ REPOSITORY secretlint yes no 0.93s
✅ REPOSITORY trivy yes no 5.1s
✅ REPOSITORY trivy-sbom yes no 3.88s
✅ REPOSITORY trufflehog yes no 3.64s
✅ SPELL lychee 2 0 0.53s
⚠️ YAML prettier 2 1 0.38s
✅ YAML v8r 2 0 3.2s
⚠️ YAML yamllint 2 1 0.26s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

unixorn added 3 commits January 1, 2024 09:52
@unixorn
Demote actionlint errors to warnings
a711a56 
Signed-off-by: Joe Block <[email protected]>
@unixorn
Demote gitleaks errors to warnings
4bd66f3 
Keep gitleaks from whining about test user info in tests directory

Signed-off-by: Joe Block <[email protected]>
@unixorn
Demote yamllint errors to warnings too
d6329f4 
Signed-off-by: Joe Block <[email protected]>
@unixorn unixorn merged commit ce3c8c7 into main Jan 1, 2024
7 checks passed
@unixorn unixorn deleted the update-gitleaks-configuration branch January 1, 2024 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@unixorn