From 58dcc010f35f12c4912b05518cd838c2ff0e70d2 Mon Sep 17 00:00:00 2001
From: Morris Estepa <estepamo@amazon.com>
Date: Tue, 13 Sep 2022 18:54:54 +0000
Subject: [PATCH] Squashed commit of the following

commit aefa14a5
Author: Morris Estepa <estepamo@amazon.com>
Date: Thu Sep 08 2022 15:50:03 GMT-0500 (Central Daylight Time)

    add git secrets
---
 provider/partition-aws/build-aws/buildspec.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/provider/partition-aws/build-aws/buildspec.yaml b/provider/partition-aws/build-aws/buildspec.yaml
index ba28b3c85..9730df792 100644
--- a/provider/partition-aws/build-aws/buildspec.yaml
+++ b/provider/partition-aws/build-aws/buildspec.yaml
@@ -44,6 +44,10 @@ phases:
       - wget https://github.com/mikefarah/yq/releases/download/v4.27.2/yq_linux_amd64 -q -O /usr/bin/yq && chmod +x /usr/bin/yq
       - export AWS_ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d':' -f 2 | cut -d'"' -f 2`
       - export AWS_OSDU_DEV_MAVEN_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $AWS_OSDU_DEV_MAVEN_DOMAIN --domain-owner $AWS_ACCOUNT_ID --query authorizationToken --output text`
+      # Install git secrets
+      - git clone https://github.com/awslabs/git-secrets.git
+      - cd git-secrets && make install && cd ..
+      - git secrets --install && git secrets --register-aws
   pre_build:
     commands:
       - echo "Logging in to Amazon ECR..."
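Review bot: The added `git clone https://github.com/awslabs/git-secrets.git` step fetches whatever is on the default branch at build time and then runs `make install` from it, right after the install phase has exported a CodeArtifact authorization token. An unreviewed upstream change would therefore execute in a build environment that holds that credential. Pin the checkout to an audited revision, for example `- git clone https://github.com/awslabs/git-secrets.git && git -C git-secrets checkout <PINNED_COMMIT_SHA>` (placeholder: record the commit you reviewed), or bake the tool into the build image. Moving these three commands above the credential exports would further limit what the installer can reach. The install phase starts outside this hunk.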
@@ -65,6 +69,9 @@ phases:
       - export VERSION=${pom_version%-*}
       - printenv
 
+      - GIT_SECRETS_SCAN_RESULT=$(git secrets --scan 2> ${OUTPUT_DIR}/git_secrets.out.txt && echo OK || echo FAILED)
+      - if [ "$GIT_SECRETS_SCAN_RESULT" = "FAILED" ]; then echo "Secrets detected!" && exit 1; fi
+
       - echo "Building primary service assemblies..."
       - mvn -B test install sonar:sonar -pl .,partition-core,provider/partition-aws -Ddeployment.environment=prod -Dsonar.login=${SONAR_USERNAME} -Dsonar.password=${SONAR_PASSWORD} -Dsonar.branch.name=${BRANCH_NAME} 
 
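Review bot: The `GIT_SECRETS_SCAN_RESULT=` line treats every non-zero exit as a finding, so an unset `${OUTPUT_DIR}`, a missing directory or a source checkout without git metadata also ends in "Secrets detected!"; failing closed is right, but a message such as `echo "git-secrets scan failed or found secrets; see git_secrets.out.txt"` would not mislead triage. The redirect target is unquoted and should be `2> "${OUTPUT_DIR}/git_secrets.out.txt"`. git-secrets prints the matching lines themselves, so if that directory is published as a build artifact (not visible in this hunk) the report carries the leaked value and needs restricted access. `git secrets --scan` covers only the current tracked files; `--scan-history` would be needed to catch a secret that was committed and later removed.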
-- 
GitLab