From 68c4d89cf16f035152a581fb332101c73b01cd5b Mon Sep 17 00:00:00 2001 From: Huy Ngo Date: Tue, 19 Nov 2024 14:41:18 -0600 Subject: [PATCH 1/2] feat: adding pre-commit hook to run trufflehog secrets scanning --- .pre-commit-config.yaml | 11 +++++++++++ README.md | 10 ++++++++++ 2 files changed, 21 insertions(+) create mode 100755 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100755 index 0000000..9997fc8 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,11 @@ +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + - id: detect-private-key +- repo: local + hooks: + - id: trufflehog + name: trufflehog + entry: trufflehog filesystem . + language: system \ No newline at end of file diff --git a/README.md b/README.md index 0353f46..23abe7f 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,15 @@ # airflow-dbt +### ATTENTION: This repo is set up for secrets scanning using pre-commit and TruffleHog. pre-commit (as the name implies) will run before git commit commands. For the purposes of secrets detection, we want to catch them before they're committed and pushed to GitHub, as opposed to having a GitHub Action that catches them after they've already been exposed. TruffleHog is an open-source secrets detection tool that we can leverage for local scanning for this exact purpose. Follow the instructions below after cloning the repo to your local machine. + +``` +brew install pre-commit trufflehog # This only needs to be done once on your machine +pre-commit install # Note that this needs to be run for each repo that has a pre-commit config +pre-commit run # Run once to make sure the pre-commit works +``` + +All done! Be on the lookout for any secrets that were detected during the pre-commit step from your local machine. + **NOTE: this repository was forked from https://github.com/gocardless/airflow-dbt in order to release an updated version to PyPi.** This is a collection of [Airflow](https://airflow.apache.org/) operators to provide easy integration with [dbt](https://www.getdbt.com). From dbf10d24fbc57a3d04cff9a47ff7486f8d3edbc9 Mon Sep 17 00:00:00 2001 From: Huy Ngo Date: Tue, 19 Nov 2024 15:21:14 -0600 Subject: [PATCH 2/2] feat: adding pre-commit hook to run trufflehog secrets scanning --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 23abe7f..8dc2d51 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,8 @@ pre-commit run # Run once to make sure the pre-commit works All done! Be on the lookout for any secrets that were detected during the pre-commit step from your local machine. +Note: if you're using GitHub Desktop, this should still work if you follow the above steps before and configure GitHub Desktop to use your default shell application (such as Terminal, iTerm 2, etc.). You can change this in `GitHub Desktop -> Settings -> Integrations -> Shell`. + **NOTE: this repository was forked from https://github.com/gocardless/airflow-dbt in order to release an updated version to PyPi.** This is a collection of [Airflow](https://airflow.apache.org/) operators to provide easy integration with [dbt](https://www.getdbt.com).
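Review bot: In `.pre-commit-config.yaml`, the local hook's `entry: trufflehog filesystem .` has no `--fail`, so trufflehog exits 0 even when it reports findings and pre-commit lets the commit through. That matches the README's "be on the lookout" wording, but it does not meet the stated goal of catching secrets before they are committed. Suggest adding `--fail` to the entry. pre-commit also appends the staged file names to `entry` by default while `.` already scans the whole working tree, so either set `pass_filenames: false` or drop the `.` and let the hook scan only what is being committed. Minor: the file is created with mode 100755 and has no newline at end of file; a YAML config should be 100644 and end with a newline.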
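Review bot: In the first README.md hunk, `pre-commit run # Run once to make sure the pre-commit works` only runs hooks against staged files, so on a fresh clone with nothing staged the hooks are skipped and the check proves nothing. Suggest `pre-commit run --all-files` for the one-time verification. The `brew install pre-commit trufflehog` line also assumes Homebrew; since the hook is `language: system` and depends on `trufflehog` being on PATH, say so and point non-Homebrew users to another install route. The `### ATTENTION:` heading carries the whole explanatory paragraph; a short heading followed by body text would render better.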
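Review bot: In the second README.md hunk (PATCH 2/2), the added note's "if you follow the above steps before and configure GitHub Desktop" is missing a word after "before" and leaves the order of operations unclear. Suggest "follow the above steps first, then configure GitHub Desktop to use your default shell". It would also help to state why the shell setting matters: the hook is `language: system`, so a commit made from GitHub Desktop only runs the scan if `trufflehog` and `pre-commit` resolve on the PATH that GitHub Desktop sees.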