Skip to content

Commit

Permalink
detect-secrets CI recovers from baseline mutation (#3008)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ovasdi
ovasdi authored Nov 16, 2021
1 parent 53a7b75 commit 063a91a
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,21 @@ jobs:
- image: lirantal/detect-secrets
working_directory: /usr/src/app
steps:
- run: apt-get update && apt-get install -y openssh-client
- checkout
- run: detect-secrets-hook --baseline .secrets.baseline $(git ls-files)
- run: |
cp .secrets.baseline /tmp/.secrets.baseline
set +e && set +o pipefail
detect-secrets-hook --baseline .secrets.baseline $(git ls-files)
code=$?
if [[ $code -ne 3 ]]; then
exit $code
else
lines=$(diff -y --suppress-common-lines .secrets.baseline /tmp/.secrets.baseline | wc -l)
[ $lines -eq 1 ] && git restore .secrets.baseline && exit 0
echo "Changes to baseline results need to be committed locally."
exit $code
fi
not_staging_or_release: &not_staging_or_release
filters:
Expand Down

0 comments on commit 063a91a

Please sign in to comment.