mirror of
https://github.com/codeflash-ai/codeflash-internal.git
synced 2026-05-04 18:25:18 +00:00
add secret scanner and monorepo hook (#1201)
### **User description**
### To Test this PR##
1. Clone and switch to the branch and Run `npm install`
2. Fork into a new branch to avoid pushing to this open PR
3. Add a file anywhere like test_secret.py and below code
```
def test_function():
# This is a fake API key for testing purposes
api_key = "12345-ABCDE-67890-FGHIJ"
print("Testing secret detection.")
````
4. Add and try commiting the changes
### **User description**
closes #
https://linear.app/codeflash-ai/issue/CF-442/implement-a-secrets-scanning-solution-pre-commit-on-pr-deployments
___
### **PR Type**
enhancement, configuration changes
___
### **Description**
- Added Secretlint configuration to scan for secrets using recommended
rules.
- Introduced a shell script to run Ruff linting for Python projects.
- Updated README with setup instructions and prerequisites for Node.js,
npm, Python, and Mamba.
- Configured Lefthook for pre-commit hooks to perform secret scanning
and code linting.
- Created `package.json` with scripts for Lefthook installation and
Secretlint execution, and added relevant development dependencies.
___
### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Configuration
changes</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>secretlint.config.js</strong><dd><code>Add Secretlint
configuration with recommended rules</code>
</dd></summary>
<hr>
secretlint.config.js
<li>Added configuration for Secretlint.<br> <li> Included a rule preset
for recommended secret scanning.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-134b2fd8c53958449a6b2a9f828d28149ffa192f0864afa76e82aa68a9c6cc20">+7/-0</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>lefthook.yml</strong><dd><code>Configure Lefthook for
pre-commit secret and code linting</code></dd></summary>
<hr>
lefthook.yml
<li>Added Lefthook configuration for pre-commit hooks.<br> <li>
Configured secret scanning, Python linting, and JS linting commands.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-ad6a01e589b8b1b214ca310dbb8d2e4314f6c612b921050c73c97455de43884d">+20/-0</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>package.json</strong><dd><code>Add package.json with
scripts and dev dependencies</code>
</dd></summary>
<hr>
package.json
<li>Added project metadata and scripts for Lefthook and Secretlint.<br>
<li> Included development dependencies for Lefthook, Secretlint, and
<br>ESLint.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519">+23/-0</a>
</td>
</tr>
</table></td></tr><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>run_ruff.sh</strong><dd><code>Add shell script for Ruff
linting in Python projects</code>
</dd></summary>
<hr>
run_ruff.sh
<li>Added a shell script to run Ruff linting.<br> <li> Configured
environment activation and linting command.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-08d9b9bfc882fa06fe0a67bf49f0512f2ea2202f99286e1d826bb94d6af5e333">+12/-0</a>
</td>
</tr>
</table></td></tr><tr><td><strong>Documentation</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>README.md</strong><dd><code>Update README with project
setup and prerequisites</code>
</dd></summary>
<hr>
README.md
<li>Updated project setup instructions.<br> <li> Added prerequisites for
Node.js, npm, Python, and Mamba.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5">+8/-0</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
___
> 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
request to receive relevant information
___
### **PR Type**
Enhancement, Configuration changes
___
### **Description**
- Added Secretlint configuration to scan for secrets using recommended
rules.
- Introduced a shell script to run Ruff linting for Python projects.
- Updated README with setup instructions and prerequisites for Node.js,
npm, Python, and Mamba.
- Configured Lefthook for pre-commit hooks to perform secret scanning
and code linting.
- Created `package.json` with scripts for Lefthook installation and
Secretlint execution, and added relevant development dependencies.
___
### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Configuration
changes</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>secretlint.config.js</strong><dd><code>Add Secretlint
configuration for secret scanning</code>
</dd></summary>
<hr>
secretlint.config.js
<li>Added Secretlint configuration file.<br> <li> Configured with
recommended rules for secret scanning.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-134b2fd8c53958449a6b2a9f828d28149ffa192f0864afa76e82aa68a9c6cc20">+7/-0</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>lefthook.yml</strong><dd><code>Configure Lefthook for
pre-commit secret scanning and linting</code></dd></summary>
<hr>
lefthook.yml
<li>Configured Lefthook for pre-commit hooks.<br> <li> Added commands
for secret scanning and code linting.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-ad6a01e589b8b1b214ca310dbb8d2e4314f6c612b921050c73c97455de43884d">+20/-0</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>package.json</strong><dd><code>Add package.json with
scripts and dependencies</code>
</dd></summary>
<hr>
package.json
<li>Created <code>package.json</code> for the monorepo.<br> <li> Added
scripts for Lefthook and Secretlint.<br> <li> Included development
dependencies.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519">+23/-0</a>
</td>
</tr>
</table></td></tr><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>run_ruff.sh</strong><dd><code>Introduce shell script
for Ruff linting in Python</code>
</dd></summary>
<hr>
run_ruff.sh
<li>Created a shell script to run Ruff linting.<br> <li> Script
navigates to the Python project directory.<br> <li> Activates Mamba
environment for linting.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-08d9b9bfc882fa06fe0a67bf49f0512f2ea2202f99286e1d826bb94d6af5e333">+12/-0</a>
</td>
</tr>
</table></td></tr><tr><td><strong>Documentation</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>README.md</strong><dd><code>Update README with setup
instructions and prerequisites</code> </dd></summary>
<hr>
README.md
<li>Added project setup instructions.<br> <li> Listed prerequisites for
Node.js, npm, Python, and Mamba.<br>
</details>
</td>
<td><a
href="https://github.com/codeflash-ai/codeflash/pull/1201/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5">+8/-0</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
___
> 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
request to receive relevant information
This commit is contained in:
Sarthak Agarwal
GitHub
parent
c46f254ec0
commit
43b15c68da
5 changed files with 60 additions and 0 deletions
8
.gitignore
vendored
8
.gitignore
vendored
|
|
@ -163,5 +163,13 @@ cython_debug/
|
|||
#.idea/
|
||||
.aider*
|
||||
/js/common/node_modules/
|
||||
/node_modules/
|
||||
*.xml
|
||||
*.pem
|
||||
|
||||
# Ruff cache
|
||||
.ruff_cache/
|
||||
|
||||
# IDE settings
|
||||
.idea/
|
||||
.vscode/
|
||||
|
|
|
|||
|
|
@ -7,6 +7,14 @@ Here's the projects that are part of the CodeFlash MonoRepo:
|
|||
- CodeFlash NodeJS CF API - /js/cf-api
|
||||
- CodeFlash Webapp - /js/cf-webapp
|
||||
|
||||
# Project Setup
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- **Node.js and npm**: Ensure Node.js is installed and npm is set up for installation of pre-commit hook(Lefthook).
|
||||
- **Python and Mamba**: Ensure Python is installed and Mamba is set up.
|
||||
|
||||
post clone run `npm install` to install all the dependencies at root level.
|
||||
|
||||
## Glossary
|
||||
### Optimization
|
||||
|
|
|
|||
14
lefthook.yml
Normal file
14
lefthook.yml
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
pre-commit:
|
||||
parallel: true
|
||||
commands:
|
||||
secret-scan:
|
||||
runner: "node"
|
||||
glob: "*"
|
||||
exclude: "node_modules/**|venv/**|.venv/**|__pycache__/**|dist/**|build/**"
|
||||
command: "./node_modules/.bin/secretlint {staged_files} --maskSecrets --config ./secretlint.config.js"
|
||||
|
||||
js-lint:
|
||||
runner: "node"
|
||||
glob: "*.js"
|
||||
exclude: "node_modules/**|build/**|dist/**"
|
||||
command: "./node_modules/.bin/eslint {staged_files} --ignore-path .gitignore"
|
||||
23
package.json
Normal file
23
package.json
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
{
|
||||
"name": "codeflashai",
|
||||
"version": "1.0.0",
|
||||
"description": "Here's the projects that are part of the CodeFlash MonoRepo:",
|
||||
"main": "index.js",
|
||||
"directories": {
|
||||
"doc": "docs"
|
||||
},
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1",
|
||||
"prepare": "lefthook install",
|
||||
"secretlint": "secretlint \"**/*\" --maskSecrets --config ./secretlint.config.js --ignore \"**/node_modules/**\" \"**/venv/**\" \"**/.venv/**\" \"**/__pycache__/**\""
|
||||
},
|
||||
"keywords": [],
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"devDependencies": {
|
||||
"@evilmartians/lefthook": "^1.8.2",
|
||||
"@secretlint/secretlint-rule-preset-recommend": "^9.0.0",
|
||||
"eslint": "^9.14.0",
|
||||
"secretlint": "^9.0.0"
|
||||
}
|
||||
}
|
||||
7
secretlint.config.js
Normal file
7
secretlint.config.js
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
module.exports = {
|
||||
rules: [
|
||||
{
|
||||
id: "@secretlint/secretlint-rule-preset-recommend",
|
||||
},
|
||||
],
|
||||
};
|
||||
Loading…
Reference in a new issue