jenkins-x-boot-config
Fork

Origine de Fork:

jenkins-x/jenkins-x-boot-config

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Révision	551d49608e88db15851f4219cbd155844ee133a3 (tree)
l'heure	2019-09-11 18:31:30
Auteur	James Rawlings <rawlingsj80@gmai...>
Commiter	James Rawlings

Message de Log

fix: mount secrets into a non workspace dir to avoid checking out code into the same dir and accidentily commiting keys

Change Summary

add: .pre-commit-config.yaml (diff)
add: .secrets.baseline (diff)
modified: bdd/bdd.sh (diff)
modified: jenkins-x-bdd-local.yml (diff)
modified: jenkins-x-bdd-vault.yml (diff)

Modification

--- /dev/null

+++ b/.pre-commit-config.yaml

		@@ -0,0 +1,7 @@
	1	+repos:
	2	+- repo: git@github.com:Yelp/detect-secrets
	3	+ rev: v0.12.4
	4	+ hooks:
	5	+ - id: detect-secrets
	6	+ args: ['--baseline', '.secrets.baseline']
	7	+ exclude: ./tests/.
		\ No newline at end of file

--- /dev/null

+++ b/.secrets.baseline

		@@ -0,0 +1,89 @@
	1	+{
	2	+ "exclude": {
	3	+ "files": null,
	4	+ "lines": null
	5	+ },
	6	+ "generated_at": "2019-09-11T09:31:17Z",
	7	+ "plugins_used": [
	8	+ {
	9	+ "name": "AWSKeyDetector"
	10	+ },
	11	+ {
	12	+ "name": "ArtifactoryDetector"
	13	+ },
	14	+ {
	15	+ "base64_limit": 4.5,
	16	+ "name": "Base64HighEntropyString"
	17	+ },
	18	+ {
	19	+ "name": "BasicAuthDetector"
	20	+ },
	21	+ {
	22	+ "hex_limit": 3,
	23	+ "name": "HexHighEntropyString"
	24	+ },
	25	+ {
	26	+ "name": "KeywordDetector"
	27	+ },
	28	+ {
	29	+ "name": "PrivateKeyDetector"
	30	+ },
	31	+ {
	32	+ "name": "SlackDetector"
	33	+ },
	34	+ {
	35	+ "name": "StripeDetector"
	36	+ }
	37	+ ],
	38	+ "results": {
	39	+ "bdd/bdd.sh": [
	40	+ {
	41	+ "hashed_secret": "8ed71d19964ae8169396605379dc4f65ff292fe2",
	42	+ "is_secret": false,
	43	+ "line_number": 40,
	44	+ "type": "Secret Keyword"
	45	+ }
	46	+ ],
	47	+ "env/jenkins-x-platform/values.tmpl.yaml": [
	48	+ {
	49	+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
	50	+ "is_secret": false,
	51	+ "line_number": 20,
	52	+ "type": "Secret Keyword"
	53	+ }
	54	+ ],
	55	+ "env/jxboot-resources/values.tmpl.yaml": [
	56	+ {
	57	+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
	58	+ "is_secret": false,
	59	+ "line_number": 143,
	60	+ "type": "Secret Keyword"
	61	+ }
	62	+ ],
	63	+ "env/tekton/values.tmpl.yaml": [
	64	+ {
	65	+ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
	66	+ "is_secret": false,
	67	+ "line_number": 21,
	68	+ "type": "Secret Keyword"
	69	+ }
	70	+ ],
	71	+ "kubeProviders/iks/README.md": [
	72	+ {
	73	+ "hashed_secret": "aa5c16139fb7160196bad6d4a1ae97b677ff0d81",
	74	+ "is_secret": false,
	75	+ "line_number": 198,
	76	+ "type": "Secret Keyword"
	77	+ }
	78	+ ],
	79	+ "systems/external-dns/values.tmpl.yaml": [
	80	+ {
	81	+ "hashed_secret": "8aa3771c4ae26feb2df06246de60d7620aad7bb7",
	82	+ "is_secret": false,
	83	+ "line_number": 7,
	84	+ "type": "Secret Keyword"
	85	+ }
	86	+ ]
	87	+ },
	88	+ "version": "0.12.4"
	89	+}

--- a/bdd/bdd.sh

+++ b/bdd/bdd.sh

		@@ -15,7 +15,6 @@ export GH_OWNER="cb-kubecd"
15	15
16	16	export GH_CREDS_PSW="$(jx step credential -s jenkins-x-bot-test-github)"
17	17	export JENKINS_CREDS_PSW="$(jx step credential -s test-jenkins-user)"
18		-export GKE_SA="$(jx step credential -k bdd-credentials.json -s bdd-secret -f sa.json)"
19	18
20	19	# fix broken `BUILD_NUMBER` env var
21	20	export BUILD_NUMBER="$BUILD_ID"

--- a/jenkins-x-bdd-local.yml

+++ b/jenkins-x-bdd-local.yml

		@@ -15,10 +15,24 @@ pipelineConfig:
15	15	environment:
16	16	- name: GOPROXY
17	17	value: http://jenkins-x-athens-proxy:80
	18	+ - name: GKE_SA
	19	+ value: /secrets/bdd/sa.json
18	20	agent:
19	21	image: gcr.io/jenkinsxio/builder-go-maven
20	22	stages:
21	23	- name: ci
	24	+ options:
	25	+ volumes:
	26	+ - name: sa
	27	+ secret:
	28	+ secretName: bdd-secret
	29	+ items:
	30	+ - key: bdd-credentials.json
	31	+ path: bdd/sa.json
	32	+ containerOptions:
	33	+ volumeMounts:
	34	+ - mountPath: /secrets
	35	+ name: sa
22	36	steps:
23	37	- name: run-bdd
24	38	command: bdd/bdd.sh

--- a/jenkins-x-bdd-vault.yml

+++ b/jenkins-x-bdd-vault.yml

		@@ -21,10 +21,24 @@ pipelineConfig:
21	21	value: "boot"
22	22	- name: DOMAIN_SUFFIX
23	23	value: ".bdd.jenkins-x.rocks"
	24	+ - name: GKE_SA
	25	+ value: /secrets/bdd/sa.json
24	26	agent:
25	27	image: gcr.io/jenkinsxio/builder-go-maven
26	28	stages:
27	29	- name: ci
	30	+ options:
	31	+ volumes:
	32	+ - name: sa
	33	+ secret:
	34	+ secretName: bdd-secret
	35	+ items:
	36	+ - key: bdd-credentials.json
	37	+ path: bdd/sa.json
	38	+ containerOptions:
	39	+ volumeMounts:
	40	+ - mountPath: /secrets
	41	+ name: sa
28	42	steps:
29	43	- name: run-bdd
30	44	command: bdd/bdd.sh

jenkins-x-boot-config Fork