build: add detect-secrets stage to build (#223)

Signed-off-by: Phil Adams <[email protected]>

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-02-23T18:07:30Z",
+  "generated_at": "2024-07-29T15:43:37Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -116,7 +116,7 @@
         "hashed_secret": "bc2f74c22f98f7b6ffbc2f67453dbfa99bce9a32",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 765,
+        "line_number": 849,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -276,15 +276,15 @@
         "hashed_secret": "fed915afaba64ebcdfeb805d59ea09a33275c423",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 156,
+        "line_number": 159,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "c1bd026029d704c1543f56c9b0817395bec76165",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 160,
+        "line_number": 163,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -338,15 +338,15 @@
         "hashed_secret": "3c81615afb40d1889fc2e1fff551a8b59b4e80ce",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 100,
+        "line_number": 103,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8b142a91cfb6e617618ad437cedf74a6745f8926",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 143,
+        "line_number": 146,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -356,31 +356,31 @@
         "hashed_secret": "c8f0df25bade89c1873f5f01b85bcfb921443ac6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 40,
+        "line_number": 41,
         "type": "JSON Web Token",
         "verified_result": null
       },
       {
         "hashed_secret": "f0048c1e535178d8ba9760fd4139c2554ac53d99",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 224,
+        "line_number": 225,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d16fe0356edbf4177de06fc6cb5122837d5cd203",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 242,
+        "line_number": 243,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "10ef99be8df801b05b5933e121e85385edf6b98a",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 663,
+        "line_number": 666,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -390,23 +390,23 @@
         "hashed_secret": "f75b33f87ffeacb3a4f793a09693e672e07449ff",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 100,
+        "line_number": 106,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "84ed7427f222c7a1f43567e1bb3058365a81bbcb",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 285,
+        "line_number": 304,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d4a9d12d425a0edaf333f49c6004b6d417eeb87b",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 286,
+        "line_number": 305,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -456,31 +456,31 @@
         "hashed_secret": "10db2b8939e12fa3259bf89a63eab34ee3c281b2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 602,
+        "line_number": 604,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "84ba4ce8a59ed2d6e90726d57cdc4a927d3672b2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 645,
+        "line_number": 647,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "4080eeeaf54faf879b9e8d99c49a8503f7e855bb",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 660,
+        "line_number": 662,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 778,
+        "line_number": 780,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -500,23 +500,23 @@
         "hashed_secret": "7a5d27bcb7a1e98b6e1bfca4df223ed578a47283",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 94,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "c2df5d3d760ff42f33fb38e2534d4c1b7ddde3ab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 94,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8b142a91cfb6e617618ad437cedf74a6745f8926",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 134,
+        "line_number": 137,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -590,15 +590,15 @@
         "hashed_secret": "6a0a3e8036180c23da91ede4f9d7bbfefd56e1a9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1162,
+        "line_number": 1164,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1184,
+        "line_number": 1186,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -642,7 +642,7 @@
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 279,
+        "line_number": 296,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -676,23 +676,23 @@
         "hashed_secret": "65e496a8c40e0364f378688b5e612a2386ad38d1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 645,
+        "line_number": 647,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "4c809455939f19c33c732b56a8417e509f4885e8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 646,
+        "line_number": 648,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 668,
+        "line_number": 670,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -720,23 +720,23 @@
         "hashed_secret": "c8f0df25bade89c1873f5f01b85bcfb921443ac6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 39,
+        "line_number": 40,
         "type": "JSON Web Token",
         "verified_result": null
       },
       {
         "hashed_secret": "8516a32b25a73aef393072725adad14498a3c3c9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 208,
+        "line_number": 209,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "af83c79c5d4a8d171a2ca5aa132013f3020c518a",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 887,
+        "line_number": 890,
         "type": "Secret Keyword",
         "verified_result": null
       }

.travis.yml

@@ -2,43 +2,51 @@ language: go
 
 dist: jammy
 
-go:
-- '1.20.x'
-- '1.21.x'
-- '1.22.x'
-
 notifications:
   email: false
 
 env:
   global:
     - GO111MODULE=on
 
-before_install:
-  - sudo apt-get update
+stages:
+  - name: Build-Test
+  - name: Semantic-Release
+    if: (branch = main) AND (type IN (push, api)) AND (fork = false)
 
+# Default "install" and "script" steps.
 install:
   - curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
   - curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
   - go install golang.org/x/tools/cmd/goimports@latest
-
 script:
   - make tidy
   - make test
   - make lint
   - make scan-gosec
 
-before_deploy:
-  - nvm install 18
-  - node --version
-  - npm --version
-  - npm install
-  - pip install --user bump-my-version
-
-deploy:
-  - provider: script
-    script: npm run semantic-release
-    skip_cleanup: true
-    on:
+jobs:
+  include:
+    - stage: Build-Test
+      language: go
       go: '1.20.x'
-      branch: main
+    - go: '1.21.x'
+    - go: '1.22.x'
+
+    - name: Detect-Secrets
+      language: python
+      python: 3.12
+      install:
+        - pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+      script:
+        - detect-secrets scan --update .secrets.baseline
+        - detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+    - stage: Semantic-Release
+      language: node_js
+      node_js: 22
+      install:
+        - pip install --user bump-my-version
+        - npm install
+      script:
+        - npm run semantic-release