Merge branch 'main' into fix-privatelink-snowflake-detector
* main: (79 commits)
  Log skipped files on debug level (trufflesecurity#3383)
  build: update retracted bluemonday ver (trufflesecurity#3369)
  Fix git binary handling and add a smoke test (trufflesecurity#3379)
  fix(deps): update module google.golang.org/protobuf to v1.35.1 (trufflesecurity#3382)
  Added Cisco Meraki API Key detector (trufflesecurity#3367)
  improved the agora detector (trufflesecurity#3360)
  fix(deps): update module github.com/xanzy/go-gitlab to v0.110.0 (trufflesecurity#3376)
  fix(deps): update golang.org/x/exp digest to 225e2ab (trufflesecurity#3371)
  fix(deps): update module golang.org/x/net to v0.30.0 (trufflesecurity#3373)
  fix(deps): update module golang.org/x/crypto to v0.28.0 (trufflesecurity#3372)
  chore(deps): update sigstore/cosign-installer action to v3.7.0 (trufflesecurity#3368)
  fix(deps): update module cloud.google.com/go/storage to v1.44.0 (trufflesecurity#3366)
  fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.1 (trufflesecurity#3365)
  [refactor] - Decouple Metrics From Cache Implementation (trufflesecurity#3355)
  fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.2 (trufflesecurity#3363)
  Updated Cosign Install URL (trufflesecurity#3364)
  fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.0 (trufflesecurity#3361)
  Added Pattern test cases for detectors (trufflesecurity#3354)
  remove size check (trufflesecurity#3351)
  fix(deps): update module go.mongodb.org/mongo-driver to v1.17.1 (trufflesecurity#3357)
  ...

# Conflicts:
#	go.sum
abmussani committed Oct 9, 2024
2 parents 04f796e + 23afcd7 commit 1276dde
Showing 980 changed files with 15,860 additions and 4,182 deletions.
11 changes: 11 additions & 0 deletions .captain/config.yaml
@@ -0,0 +1,11 @@
test-suites:
detectors:
command: gotestsum --jsonfile tmp/go-test.json --raw-command -- go test -tags=detectors -timeout=15m -json -count=1 -vet=off ./pkg/detectors/...
results:
path: tmp/go-test.json
output:
print-summary: true
## No retries right now
# retries:
# attempts: 3
# command: gotestsum --raw-command --jsonfile tmp/go-test.json -- go test -tags=detectors -timeout=15m -json -count=1 -vet=off {{ package }} -run '{{ run }}'
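Review bot: the commented-out `retries:` block at the end of this file is dead configuration explained only by "No retries right now", and its command orders the gotestsum flags differently from the live `command:` above. Either delete it or state in the comment what has to be true before retries are enabled, and keep the two commands identical apart from `{{ package }}` and `-run '{{ run }}'`. Both commands write `tmp/go-test.json` and nothing in this file creates `tmp/`, so confirm the directory exists before the suite runs.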
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -42,7 +42,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
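Review bot: the `go-version: "1.23"` literal changed here is repeated in every workflow this commit touches, so each Go bump is a multi-file edit that can drift. Consider `go-version-file: go.mod` on `actions/setup-go@v5` so the workflows follow the version the module declares.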
43 changes: 12 additions & 31 deletions .github/workflows/detector-tests.yml
@@ -1,4 +1,4 @@
name: detector test aggregation
name: Detectors Aggregation

on:
workflow_dispatch:
Expand All @@ -14,35 +14,16 @@ jobs:
contents: "read"
id-token: "write"
steps:
- name: Install Go
uses: actions/setup-go@v5
- uses: actions/setup-go@v5
- uses: actions/checkout@v4
- name: Install gotestsum
uses: jaxxstorm/action-install-gh-release@v1.12.0
with:
go-version: "1.22"
- name: Checkout code
uses: actions/checkout@v4
- id: "auth"
uses: "google-github-actions/auth@v2"
with:
workload_identity_provider: "projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
service_account: "github-ci-external@trufflehog-testing.iam.gserviceaccount.com"
- name: Test integration
continue-on-error: true
run: make test-integration
- name: Set up gotestsum
run: |
go install gotest.tools/gotestsum@latest
mkdir -p tmp/test-results
- name: Test detectors
repo: gotestyourself/gotestsum
- uses: rwx-research/setup-captain@v1
- name: Test Go
run: |
CGO_ENABLED=1 gotestsum --junitfile tmp/test-results/test.xml --raw-command -- go test -json -tags=detectors -timeout=15m $(go list ./... | grep pkg/detectors)
- name: Upload test results to BuildPulse for flaky test detection
if: ${{ !cancelled() }} # Run this step even when the tests fail. Skip if the workflow is cancelled.
uses: buildpulse/buildpulse-action@main
with:
account: 79229934
repository: 694446374
path: |
tmp/test-results/*.xml
key: ${{ secrets.BUILDPULSE_DETECTORS_ACCESS_KEY_ID }}
secret: ${{ secrets.BUILDPULSE_DETECTORS_SECRET_ACCESS_KEY }}
tags: detectors
export CGO_ENABLED=1
captain run detectors
env:
RWX_ACCESS_TOKEN: ${{ secrets.RWX_ACCESS_TOKEN }}
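Review bot: `jaxxstorm/action-install-gh-release@v1.12.0` and `rwx-research/setup-captain@v1` are referenced by mutable tags in a job that holds `id-token: "write"` and uses `secrets.RWX_ACCESS_TOKEN`; pin both to a full commit SHA with the version in a trailing comment, the way `release.yml` pins `sigstore/cosign-installer`. With the `google-github-actions/auth` step no longer in the steps list, check whether `id-token: "write"` is still needed and drop it if not. The bare `- uses: actions/setup-go@v5` also has no `go-version`, unlike the other workflows, so the Go toolchain used here is whatever the action defaults to.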
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
steps:
- uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- uses: actions/checkout@v4
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
2 changes: 1 addition & 1 deletion .github/workflows/performance.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"

- name: Checkout code
uses: actions/checkout@v4
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -36,9 +36,9 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- name: Cosign install
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
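Review bot: on the `sigstore/cosign-installer` line, the trailing `# v3.7.0` comment is the only thing tying `dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da` to a release, so confirm the SHA is the commit that tag points to before merging. `goreleaser/goreleaser-action@v6` in the next step of this release job is still referenced by tag; pinning it the same way would keep the signing path consistent.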
2 changes: 1 addition & 1 deletion .github/workflows/secrets.yml
Expand Up @@ -11,7 +11,7 @@ on:

jobs:
test:
if: github.repository == 'trufflesecurity/trufflehog'
if: ${{ github.repository == 'trufflesecurity/trufflehog' && !github.event.pull_request.head.repo.fork }}
runs-on: ubuntu-latest
steps:
- name: Checkout code
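Review bot: the new `if:` on the `test` job carries no comment explaining why pull requests from forks are skipped, and the effect is that fork contributions get no run of this workflow at all. Add a one-line comment with the reason. For events that have no `pull_request` payload the `!github.event.pull_request.head.repo.fork` term evaluates to true, so those runs are unaffected; that is worth stating in the comment too, since it is not obvious from the expression.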
39 changes: 36 additions & 3 deletions .github/workflows/smoke.yml
Expand Up @@ -10,11 +10,44 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- name: Checkout code
uses: actions/checkout@v4
- name: Smoke
run: |
set -e
go run . git https://github.com/dustin-decker/secretsandstuff.git
go run . github --repo https://github.com/dustin-decker/secretsandstuff.git
go run . git https://github.com/dustin-decker/secretsandstuff.git > /dev/null
go run . github --repo https://github.com/dustin-decker/secretsandstuff.git > /dev/null
zombies:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.23"
- name: Checkout code
uses: actions/checkout@v4
- name: Run trufflehog
run: |
set -e
go run . git --no-verification file://. > /dev/null
# This case previously had a deadlock issue and left zombies after trufflehog exited #3379
go run . git --no-verification https://github.com/git-test-fixtures/binary.git > /dev/null
- name: Check for running git processes and zombies
run: |
if pgrep -x "git" > /dev/null
then
echo "Git processes are still running"
exit 1
else
echo "No git processes found"
fi
if ps -A -ostat,ppid | grep -e '[zZ]' > /dev/null
then
echo "Zombie processes found"
exit 1
else
echo "No zombie processes found"
fi
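Review bot: in the "Check for running git processes and zombies" step, `ps -A -ostat,ppid | grep -e '[zZ]'` and `pgrep -x "git"` look at every process on the runner, so a defunct or git process unrelated to trufflehog fails the job, and because the matches go to `/dev/null` the log will not show which process it was. Print the matching lines (include `pid` and `comm` in the `ps` output) before `exit 1`, and consider restricting the zombie check to `git` children. The `> /dev/null` added to the `go run` lines in the Smoke step likewise hides the findings output when debugging a failure; stderr is still shown.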
2 changes: 1 addition & 1 deletion .github/workflows/snifftest.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
steps:
- uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- uses: actions/checkout@v4
- name: Run Snifftest
run: make snifftest
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- name: Checkout code
uses: actions/checkout@v4
- id: "auth"
Expand Down Expand Up @@ -62,7 +62,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
go-version: "1.23"
- name: Checkout code
uses: actions/checkout@v4
- name: Test
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -5,3 +5,7 @@ dist

# binary
trufflehog
tmp/go-test.json
.captain/detectors/timings.yaml
.captain/detectors/quarantines.yaml
.captain/detectors/flakes.yaml
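Review bot: the four new entries are appended under the `# binary` comment, which describes only `trufflehog`. Give them their own comment line (for example test output and Captain state), and consider ignoring `tmp/` as a whole rather than the single file `tmp/go-test.json` if nothing under it is meant to be committed.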
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -127,7 +127,7 @@ Checksums are applied to all artifacts, and the resulting checksum file is signe

You need the following tool to verify signature:

- [Cosign](https://docs.sigstore.dev/cosign/installation/)
- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/)

Verification steps are as follow:
