Merge branch 'aws-integration-merge' into 'master'

Add git secrets See merge request !259

Merge branch 'aws-integration-merge' into 'master'
76ebe861 · Morris Estepa · f9ee48c7 · 5a9ee797 · 76ebe861 · 76ebe861
Commit 76ebe861 authored 2 years ago by Morris Estepa
--- a/NOTICE
+++ b/NOTICE
@@ -130,6 +130,7 @@ The following software have components provided under the terms of this license:
 - Identity and Access Management (IAM) API v2beta-rev20220421-1.32.1 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-iam)
 - Identity and Access Management (IAM) API v2beta-rev20220526-1.32.1 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-iam)
 - Identity and Access Management (IAM) API v2beta-rev20220713-1.32.1 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-iam)
+- Identity and Access Management (IAM) API v2beta-rev20220713-2.0.0 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-iam)
 - J2ObjC Annotations (from https://github.com/google/j2objc/)
 - JBoss Jakarta Annotations API (from https://github.com/jboss/jboss-jakarta-annotations-api_spec)
 - JBoss Logging 3 (from http://www.jboss.org)

--- a/provider/notification-aws/build-aws/buildspec.yaml
+++ b/provider/notification-aws/build-aws/buildspec.yaml
@@ -44,6 +44,10 @@ phases:
      - wget https://github.com/mikefarah/yq/releases/download/v4.27.2/yq_linux_amd64 -q -O /usr/bin/yq && chmod +x /usr/bin/yq
      - export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
      - export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $AWS_OSDU_DEV_MAVEN_DOMAIN --domain-owner $AWS_ACCOUNT_ID --query authorizationToken --output text`
+      # Install git secrets
+      - git clone https://github.com/awslabs/git-secrets.git
+      - cd git-secrets && make install && cd ..
+      - git secrets --install && git secrets --register-aws
  pre_build:
    commands:
      - echo "Logging in to Amazon ECR..."
@@ -65,6 +69,9 @@ phases:
      - export VERSION=${pom_version%-*}
      - printenv

+      - GIT_SECRETS_SCAN_RESULT=$(git secrets --scan 2> ${OUTPUT_DIR}/git_secrets.out.txt && echo OK || echo FAILED)
+      - if [ "$GIT_SECRETS_SCAN_RESULT" = "FAILED" ]; then echo "Secrets detected!" && exit 1; fi
+
      - echo "Building primary service assemblies..."
      - mvn -ntp -B test install sonar:sonar -pl .,notification-core,provider/notification-aws -Ddeployment.environment=prod -Dsonar.login=${SONAR_USERNAME} -Dsonar.password=${SONAR_PASSWORD} -Dsonar.branch.name=${BRANCH_NAME}