darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-16 02:02:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

ugh secrets

Browse Source
This commit is contained in:
Kenneth Kehl
2025-05-29 10:15:58 -07:00
parent c2ed11d28e
commit 3b5f11932f
3 changed files with 59 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
.ds.baseline
View File

@@ -137,6 +137,42 @@
"is_secret": false "is_secret": false
} }
], ],
".github/workflows/checks.yml": [
{
"type": "Secret Keyword",
"filename": ".github/workflows/checks.yml",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 28,
"is_secret": false
},
{
"type": "Basic Auth Credentials",
"filename": ".github/workflows/checks.yml",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 45,
"is_secret": false
}
],
".github/workflows/daily_checks.yml": [
{
"type": "Secret Keyword",
"filename": ".github/workflows/daily_checks.yml",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 63,
"is_secret": false
},
{
"type": "Basic Auth Credentials",
"filename": ".github/workflows/daily_checks.yml",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 79,
"is_secret": false
}
],
"app/enums.py": [ "app/enums.py": [
{ {
"type": "Secret Keyword", "type": "Secret Keyword",
@@ -348,5 +384,5 @@
} }
] ]
}, },
"generated_at": "2025-05-29T15:05:15Z" "generated_at": "2025-05-29T17:15:40Z"
} }

30
.github/workflows/checks.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
image: postgres image: postgres
env: env:
POSTGRES_USER: user POSTGRES_USER: user
POSTGRES_PASSWORD: password # pragma: allowlist secret POSTGRES_PASSWORD: password
POSTGRES_DB: test_notification_api POSTGRES_DB: test_notification_api
options: >- options: >-
--health-cmd pg_isready --health-cmd pg_isready
@@ -42,11 +42,11 @@ jobs:
- name: Install application dependencies - name: Install application dependencies
run: make bootstrap run: make bootstrap
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }} # pragma: allowlist secret NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
- name: Check imports alphabetized - name: Check imports alphabetized
run: poetry run isort --check-only ./app ./tests run: poetry run isort --check-only ./app ./tests
@@ -57,8 +57,8 @@ jobs:
- name: Run tests with coverage - name: Run tests with coverage
run: poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10 run: poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }} # pragma: allowlist secret NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }} NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }} NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
@@ -120,7 +120,7 @@ jobs:
image: postgres image: postgres
env: env:
POSTGRES_USER: user POSTGRES_USER: user
POSTGRES_PASSWORD: password # pragma: allowlist secret POSTGRES_PASSWORD: password
POSTGRES_DB: test_notification_api POSTGRES_DB: test_notification_api
options: >- options: >-
--health-cmd pg_isready --health-cmd pg_isready
@@ -136,15 +136,15 @@ jobs:
- name: Install application dependencies - name: Install application dependencies
run: make bootstrap run: make bootstrap
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }} # pragma: allowlist secret NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
- name: Run server - name: Run server
run: make run-flask & run: make run-flask &
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
- name: Run OWASP API Scan - name: Run OWASP API Scan
uses: zaproxy/action-api-scan@v0.9.0 uses: zaproxy/action-api-scan@v0.9.0
with: with:

14
.github/workflows/daily_checks.yml vendored
View File

@@ -60,7 +60,7 @@ jobs:
image: postgres image: postgres
env: env:
POSTGRES_USER: user POSTGRES_USER: user
POSTGRES_PASSWORD: password # pragma: allowlist secret POSTGRES_PASSWORD: password
POSTGRES_DB: test_notification_api POSTGRES_DB: test_notification_api
options: >- options: >-
--health-cmd pg_isready --health-cmd pg_isready
@@ -76,15 +76,15 @@ jobs:
- name: Install application dependencies - name: Install application dependencies
run: make bootstrap run: make bootstrap
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }} # pragma: allowlist secret NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }} # pragma: allowlist secret NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} # pragma: allowlist secret NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
- name: Run server - name: Run server
run: make run-flask & run: make run-flask &
env: env:
SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api # pragma: allowlist secret SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
- name: Run OWASP API Scan - name: Run OWASP API Scan
uses: zaproxy/action-api-scan@v0.9.0 uses: zaproxy/action-api-scan@v0.9.0
with: with: