From 0c30ed00ebccd0b9fb5e3babf7ccbe3955c818ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Wed, 17 Aug 2022 17:35:28 +0200
Subject: [PATCH] Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 85 +++++++++++++++++++++++++-------------------------
 1 file changed, 42 insertions(+), 43 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3fef816..e99942c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,82 +1,81 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence image: docker:20.10.17 include: - - template: Security/Container-Scanning.gitlab-ci.yml - +- template: Security/Container-Scanning.gitlab-ci.yml +- template: Security/Secret-Detection.gitlab-ci.yml container_scanning: variables: - DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH - DOCKERFILE_PATH: $CI_COMMIT_BRANCH.Dockerfile - + DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH" + DOCKERFILE_PATH: "$CI_COMMIT_BRANCH.Dockerfile" docker-build-10.0: - # Official docker image. image: docker:20.10.17 stage: build services: - - docker:20.10.17-dind + - docker:20.10.17-dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --pull -f 10.0.Dockerfile -t "$CI_REGISTRY_IMAGE:10.0" . - - docker push "$CI_REGISTRY_IMAGE:10.0" + - docker build --pull -f 10.0.Dockerfile -t "$CI_REGISTRY_IMAGE:10.0" . + - docker push "$CI_REGISTRY_IMAGE:10.0" only: - - "10.0" - + - '10.0' docker-build-12.0: - # Official docker image. 
image: docker:20.10.17 stage: build services: - - docker:20.10.17-dind + - docker:20.10.17-dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --pull -f 12.0.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0" . - - docker build --pull -f 12.0_ml.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0_ml" . - - docker build --pull -f 12.0_py3.6.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0_py3.6" . - - docker push "$CI_REGISTRY_IMAGE:12.0" - - docker push "$CI_REGISTRY_IMAGE:12.0_ml" - - docker push "$CI_REGISTRY_IMAGE:12.0_py3.6" + - docker build --pull -f 12.0.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0" . + - docker build --pull -f 12.0_ml.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0_ml" . + - docker build --pull -f 12.0_py3.6.Dockerfile -t "$CI_REGISTRY_IMAGE:12.0_py3.6" + . + - docker push "$CI_REGISTRY_IMAGE:12.0" + - docker push "$CI_REGISTRY_IMAGE:12.0_ml" + - docker push "$CI_REGISTRY_IMAGE:12.0_py3.6" only: - - "12.0" - + - '12.0' docker-build-14.0: - # Official docker image. image: docker:20.10.17 stage: build services: - - docker:20.10.17-dind + - docker:20.10.17-dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --pull -f 14.0.Dockerfile -t "$CI_REGISTRY_IMAGE:14.0" . - - docker push "$CI_REGISTRY_IMAGE:14.0" + - docker build --pull -f 14.0.Dockerfile -t "$CI_REGISTRY_IMAGE:14.0" . + - docker push "$CI_REGISTRY_IMAGE:14.0" only: - - "14.0" - + - '14.0' docker-build-16.0: - # Official docker image. 
image: docker:20.10.17 stage: build services: - - docker:20.10.17-dind + - docker:20.10.17-dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --pull -f 16.0.Dockerfile -t "$CI_REGISTRY_IMAGE:16.0" . - - docker push "$CI_REGISTRY_IMAGE:16.0" + - docker build --pull -f 16.0.Dockerfile -t "$CI_REGISTRY_IMAGE:16.0" . + - docker push "$CI_REGISTRY_IMAGE:16.0" only: - - "16.0" - + - '16.0' docker-build-16.0-alpine: - # Official docker image. image: docker:20.10.17 stage: build services: - - docker:20.10.17-dind + - docker:20.10.17-dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - - docker build --pull -f 16.0-alpine.Dockerfile -t "$CI_REGISTRY_IMAGE:16.0-alpine" . - - docker push "$CI_REGISTRY_IMAGE:16.0-alpine" + - docker build --pull -f 16.0-alpine.Dockerfile -t "$CI_REGISTRY_IMAGE:16.0-alpine" + . + - docker push "$CI_REGISTRY_IMAGE:16.0-alpine" only: - - "16.0" + - '16.0' -- GitLab
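Review bot: The `before_script` of every docker-build job (docker-build-10.0 through docker-build-16.0-alpine) still hands the registry credential to the CLI as an argument, `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY`, which the docker client itself warns is insecure because the secret becomes visible in the job container's process list; since these lines are already being rewritten for indentation, the safer form is `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. That also closes the last unquoted expansion (`$CI_REGISTRY`) left after the quoting clean-up applied to `DOCKER_IMAGE` and `DOCKERFILE_PATH` in `container_scanning`. Separately, the two `docker build` entries whose trailing `.` now sits on its own continuation line (docker-build-12.0 and docker-build-16.0-alpine) are valid YAML, since a plain scalar folds the break to one space, but they read as if the build context were missing; a `>-` block scalar or a single long line states the command unambiguously. Presumably the wrap comes from a formatter's line-length limit, so the limit may need raising for `script` lists to keep this from recurring.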