Loading sdk/templates/ci_dev.gitlab-ci.yml +17 −3 Original line number Diff line number Diff line Loading @@ -22,11 +22,25 @@ dev_secrets_in_repo: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: never - when: always # script: # - | # pip install trufflehog # cd ../ # trufflehog filesystem sdk --exclude-paths sdk/cicd/exclusions --max-depth 5 script: - | pip install trufflehog cd ../ trufflehog filesystem sdk --exclude-paths sdk/cicd/exclusions --max-depth 5 set -euo pipefail # 1) Descargar trufflehog v3 (binario) en vez del "trufflehog" de pip (v2) TRUF_VER="v3.82.0" ARCH="linux_amd64" # si tus runners son amd64 curl -sSL -o /tmp/trufflehog.tgz "https://github.com/trufflesecurity/trufflehog/releases/download/${TRUF_VER}/trufflehog_${TRUF_VER#v}_${ARCH}.tar.gz" tar -xzf /tmp/trufflehog.tgz -C /usr/local/bin trufflehog trufflehog --version # 2) Ejecutar scan sobre la carpeta sdk # OJO: usa el fichero real de exclusiones (ajusta si no está en cicd/exclusions) trufflehog filesystem sdk --exclude-paths cicd/exclusions --max-depth 5 <<: *dev_common # define the process to do linting code: ruff Loading sdk/templates/ci_staging.gitlab-ci.yml +14 −3 Original line number Diff line number Diff line Loading 
@@ -31,11 +31,22 @@ variables: staging_secrets_in_repo: stage: staging_secrets_in_repo # script: # - | # pip install trufflehog # cd ../ # trufflehog filesystem capif --exclude-paths capif/cicd/exclusions --max-depth 5 script: - | pip install trufflehog cd ../ trufflehog filesystem capif --exclude-paths capif/cicd/exclusions --max-depth 5 set -euo pipefail TRUF_VER="v3.82.0" ARCH="linux_amd64" curl -sSL -o /tmp/trufflehog.tgz "https://github.com/trufflesecurity/trufflehog/releases/download/${TRUF_VER}/trufflehog_${TRUF_VER#v}_${ARCH}.tar.gz" tar -xzf /tmp/trufflehog.tgz -C /usr/local/bin trufflehog trufflehog --version trufflehog filesystem capif --exclude-paths cicd/exclusions --max-depth 5 <<: *staging_common # define the process to do linting code: ruff Loading Loading
sdk/templates/ci_dev.gitlab-ci.yml +17 −3 Original line number Diff line number Diff line Loading @@ -22,11 +22,25 @@ dev_secrets_in_repo: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: never - when: always # script: # - | # pip install trufflehog # cd ../ # trufflehog filesystem sdk --exclude-paths sdk/cicd/exclusions --max-depth 5 script: - | pip install trufflehog cd ../ trufflehog filesystem sdk --exclude-paths sdk/cicd/exclusions --max-depth 5 set -euo pipefail # 1) Descargar trufflehog v3 (binario) en vez del "trufflehog" de pip (v2) TRUF_VER="v3.82.0" ARCH="linux_amd64" # si tus runners son amd64 curl -sSL -o /tmp/trufflehog.tgz "https://github.com/trufflesecurity/trufflehog/releases/download/${TRUF_VER}/trufflehog_${TRUF_VER#v}_${ARCH}.tar.gz" tar -xzf /tmp/trufflehog.tgz -C /usr/local/bin trufflehog trufflehog --version # 2) Ejecutar scan sobre la carpeta sdk # OJO: usa el fichero real de exclusiones (ajusta si no está en cicd/exclusions) trufflehog filesystem sdk --exclude-paths cicd/exclusions --max-depth 5 <<: *dev_common # define the process to do linting code: ruff Loading
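Review bot: The tarball fetched by the `curl` line is unpacked into `/usr/local/bin` and executed with no integrity check, so pinning `TRUF_VER` fixes the version string but not the bytes the runner ends up running. Pin the expected digest next to the version, e.g. `TRUF_SHA256="<sha256 of the release tarball>"`, and verify it before `tar` with `echo "${TRUF_SHA256}  /tmp/trufflehog.tgz" | sha256sum -c -`. Switching to `curl -fsSL` would also make an HTTP error fail at the download step instead of surfacing later as a confusing `tar` error. The same unverified download appears in the `ci_staging.gitlab-ci.yml` section. The `dev_secrets_in_repo` job starts above this hunk, so its image and the user the script runs as are not visible here.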
sdk/templates/ci_staging.gitlab-ci.yml +14 −3 Original line number Diff line number Diff line Loading @@ -31,11 +31,22 @@ variables: staging_secrets_in_repo: stage: staging_secrets_in_repo # script: # - | # pip install trufflehog # cd ../ # trufflehog filesystem capif --exclude-paths capif/cicd/exclusions --max-depth 5 script: - | pip install trufflehog cd ../ trufflehog filesystem capif --exclude-paths capif/cicd/exclusions --max-depth 5 set -euo pipefail TRUF_VER="v3.82.0" ARCH="linux_amd64" curl -sSL -o /tmp/trufflehog.tgz "https://github.com/trufflesecurity/trufflehog/releases/download/${TRUF_VER}/trufflehog_${TRUF_VER#v}_${ARCH}.tar.gz" tar -xzf /tmp/trufflehog.tgz -C /usr/local/bin trufflehog trufflehog --version trufflehog filesystem capif --exclude-paths cicd/exclusions --max-depth 5 <<: *staging_common # define the process to do linting code: ruff Loading
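Review bot: The final `trufflehog filesystem capif ...` line has no `--fail`, and trufflehog v3 exits 0 when it reports findings unless that flag is given, so this job would stay green with secrets in the tree. Append `--fail` to the scan line; the dev template's `trufflehog filesystem sdk ...` line has the same gap. With `cd ../` dropped, `capif` and `cicd/exclusions` now resolve against the job's working directory, so a wrong path could leave the scan covering nothing; running the job once against a seeded dummy secret would confirm it. As far as I recall `--max-depth` belongs to the `git` subcommand in v3, so check `trufflehog filesystem --help` before relying on it.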