File tree Expand file tree Collapse file tree 2 files changed +18
-1
lines changed Expand file tree Collapse file tree 2 files changed +18
-1
lines changed Original file line number Diff line number Diff line change @@ -940,11 +940,14 @@ RUN apt-get update && apt-get dist-upgrade -yy && apt-get install -yy \
940940\
941941
942942
943+ RUN pip install --break-system-packages --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
944+
943945RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14 \
944946\
945947\
946948\
947949
950+
948951RUN update-alternatives --remove cpp /usr/bin/cpp && \
949952
950953
Original file line number Diff line number Diff line change @@ -37,6 +37,7 @@ LINTERS_ALL=( \
3737 markdownlint \
3838 prettier \
3939 shellcheck \
40+ detect_secrets \
4041 )
4142LINTERS_DISABLED=()
4243LINTERS_ENABLED=()
@@ -278,6 +279,13 @@ function do_clang_format() {
278279 " ${CLANG_FORMAT} " " $@ "
279280}
280281
282+ LINTER_REQUIRE+=([detect_secrets]=" detect-secrets;.secrets.baseline"
283+ LINTER_TYPES+=([detect_secrets]=" c;cpp;bash;sh;json;python"
284+ function do_detect_secrets() {
285+ detect-secrets scan --update .secrets.baseline
286+ detect-secrets audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
287+ }
288+
281289function get_file_type()
282290{
283291 case " $( basename " $1 " ) " in
433441# Check for differences.
434442if [ -z " $OPTION_NO_DIFF " ; then
435443 echo -e " ${BLUE} Result differences...${NORMAL} "
436- if ! git --no-pager diff --exit-code ; then
444+ # .secrets.baseline will have its date updated everytime we run so
445+ # just restore it
446+ if [ -e .secrets.baseline ]
447+ then
448+ git restore .secrets.baseline
449+ fi
450+ if ! git --no-pager diff --exit-code; then
437451 echo -e " Format: ${RED} FAILED${NORMAL} "
438452 exit 1
439453 else
You can’t perform that action at this time.
0 commit comments