ci: add git secrets

app/sdms/src/cloud/providers/aws/build-aws/buildspec.yaml

@@ -42,6 +42,10 @@ phases:
       - npm install
       - wget -nv https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472.zip
       - unzip -q ./sonar-scanner-cli-4.6.2.2472.zip
+      # Install git secrets
+      - git clone https://github.com/awslabs/git-secrets.git
+      - cd git-secrets && make install && cd ..
+      - git secrets --install && git secrets --register-aws
 
   pre_build:
     commands:
@@ -62,13 +66,16 @@ phases:
       - mkdir -p ${OUTPUT_DIR}/testing && mkdir -p ${INTEGRATION_TEST_OUTPUT}  && mkdir -p ${INTEGRATION_TEST_OUTPUT}/bin
       - echo "Placeholder" >> ${OUTPUT_DIR}/build-info.json # touched so that the output directory has some content incase the build fails so that testing reports are uploaded
 
-      - node_modules/.bin/tslint -c tslint.json 'src/cloud/providers/aws/**/*.ts'  
+      - GIT_SECRETS_SCAN_RESULT=$(git secrets --scan 2> ${OUTPUT_DIR}/git_secrets.out.txt && echo OK || echo FAILED)
+      - if [ "$GIT_SECRETS_SCAN_RESULT" = "FAILED" ]; then echo "Secrets detected!" && exit 1; fi
+
+      - node_modules/.bin/tslint -c tslint.json 'src/cloud/providers/aws/**/*.ts'
       - echo "Building seismic-store-service"
       - npm run build
 
       # copy to tests folder for generating token for integration tests
       - cp ../../devops/scripts/aws_jwt_client.py tests/aws-test/build-aws/aws_jwt_client.py
-      - cp devops/aws/requirements.txt tests/aws-test/build-aws/requirements.txt   
+      - cp devops/aws/requirements.txt tests/aws-test/build-aws/requirements.txt
 
       - echo "Building integration testing assemblies and gathering artifacts..."
       - chmod +x ./tests/aws-test/build-aws/prepare-dist.sh