ugh secrets

2025-12-13 08:42:21 -05:00 · 2025-05-29 10:15:58 -07:00
parent c2ed11d28e
commit 3b5f11932f
3 changed files with 59 additions and 23 deletions
--- a/.ds.baseline
+++ b/.ds.baseline
@@ -137,6 +137,42 @@
        "is_secret": false
      }
    ],
+    ".github/workflows/checks.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".github/workflows/checks.yml",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 28,
+        "is_secret": false
+      },
+      {
+        "type": "Basic Auth Credentials",
+        "filename": ".github/workflows/checks.yml",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 45,
+        "is_secret": false
+      }
+    ],
+    ".github/workflows/daily_checks.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".github/workflows/daily_checks.yml",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 63,
+        "is_secret": false
+      },
+      {
+        "type": "Basic Auth Credentials",
+        "filename": ".github/workflows/daily_checks.yml",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 79,
+        "is_secret": false
+      }
+    ],
    "app/enums.py": [
      {
        "type": "Secret Keyword",
@@ -348,5 +384,5 @@
      }
    ]
  },
-  "generated_at": "2025-05-29T15:05:15Z"
+  "generated_at": "2025-05-29T17:15:40Z"
 }
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -25,7 +25,7 @@ jobs:
        image: postgres
        env:
          POSTGRES_USER: user
-          POSTGRES_PASSWORD: password  # pragma: allowlist secret
+          POSTGRES_PASSWORD: password
          POSTGRES_DB: test_notification_api
        options: >-
          --health-cmd pg_isready
@@ -42,11 +42,11 @@ jobs:
    - name: Install application dependencies
      run: make bootstrap
      env:
-        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
-        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
-        NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
-        NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
-        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
+        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+        NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
+        NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
+        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}

    - name: Check imports alphabetized
      run: poetry run isort --check-only ./app ./tests
@@ -57,8 +57,8 @@ jobs:
    - name: Run tests with coverage
      run: poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10
      env:
-        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
-        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
+        SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
        NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
        NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
@@ -120,7 +120,7 @@ jobs:
        image: postgres
        env:
          POSTGRES_USER: user
-          POSTGRES_PASSWORD: password  # pragma: allowlist secret
+          POSTGRES_PASSWORD: password
          POSTGRES_DB: test_notification_api
        options: >-
          --health-cmd pg_isready
@@ -136,15 +136,15 @@ jobs:
      - name: Install application dependencies
        run: make bootstrap
        env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
+          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
+          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
      - name: Run server
        run: make run-flask &
        env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
      - name: Run OWASP API Scan
        uses: zaproxy/action-api-scan@v0.9.0
        with:
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -60,7 +60,7 @@ jobs:
        image: postgres
        env:
          POSTGRES_USER: user
-          POSTGRES_PASSWORD: password  # pragma: allowlist secret
+          POSTGRES_PASSWORD: password
          POSTGRES_DB: test_notification_api
        options: >-
          --health-cmd pg_isready
@@ -76,15 +76,15 @@ jobs:
      - name: Install application dependencies
        run: make bootstrap
        env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}  # pragma: allowlist secret
-          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}  # pragma: allowlist secret
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
+          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
+          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
      - name: Run server
        run: make run-flask &
        env:
-          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api  # pragma: allowlist secret
+          SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
      - name: Run OWASP API Scan
        uses: zaproxy/action-api-scan@v0.9.0
        with: