Updates related to the MCP Prod deployment and code / document improvements #139
Conversation
… nodes, have Node specific OpenSearch registry names and used a data source for S3 to read existing staging bucket in MCP Prod.
ramesh-maddegoda
requested review from
tloubrieu-jpl,
nutjob4life,
sjoshi-jpl and
jordanpadams
as code owners
|
| @@ -135,7 +135,8 @@ | |||
| "venv", | |||
| "dist", | |||
| "build", | |||
| ".*\\.egg-info" | |||
| ".*\\.egg-info", | |||
| "\u2018*.tfstate \\\n --exclude-files \u2018\\*.tfvars" | |||
There was a problem hiding this comment.
I'm seeing these \u2018 and --exclude-files appear in your commits again.
Is there a chance there's some copy/paste problems going on? Some how, the command-line argument name itself --exclude-files is being named as a pattern.
I believe what you want is:
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
"\\.secrets..*",
"\\.git.*",
"\\.pre-commit-config\\.yaml",
"\\.mypy_cache",
"\\.pytest_cache",
"\\.tox",
"\\.venv",
"venv",
"dist",
"build",
".*\\.egg-info",
".*\\.tfstate",
".*\\.tfvars"
]
}There was a problem hiding this comment.
@nutjob4life , what I used was:
$ detect-secrets scan --disable-plugin AbsolutePathDetectorExperimental
--exclude-files '.secrets..'
--exclude-files '.git.'
--exclude-files '.pre-commit-config.yaml'
--exclude-files '.mypy_cache'
--exclude-files '.pytest_cache'
--exclude-files '.tox'
--exclude-files '.venv'
--exclude-files 'venv'
--exclude-files 'dist'
--exclude-files 'build'
--exclude-files '.*.egg-info'
--exclude-files ‘*.tfstate'
--exclude-files ‘*.tfvars'
> .secrets.baseline
There was a problem hiding this comment.
Ah, I can see some problems all right.
First, the patterns are regexps, not glob expressions, so
--exclude-files '*.tfstate'
--exclude-files '*.tfvars'
should be
--exclude-files '.*\.tfstate' # Exclude files that start with zero-or-more characters and end with dot tfstate
--exclude-files '.*\.tfvars' # Exclude files that start with zero-or-more characters and end with dot tfvars
The same applies to all the other cases where . appears; a . in regexp, as you know, matches a single character, so you actually want
--exclude-files '\.pre-commmit-config.yaml'
--exclude-files '\.tox'
etc.
Second there are no continuation characters on your command-line; there should be a \ ending each line except the last, right?
But I found where the weird Unicode escape characters are coming from!
Look closely at this screenshot from your comment above:
The characters I circled in green are correct; those are APOSTROPHEs U+0027. But the characters in red are LEFT SINGLE QUOTATION MARKs, U+2018, which are incorrect. That explains why the literal text --exclude-files is getting saved into the .secrets.baseline.
Here is a detect-secrets scan command you should be able to use:
detect-secrets scan --disable-plugin AbsolutePathDetectorExperimental \
--exclude-files '\.secrets\..*' \
--exclude-files '\.git.*' \
--exclude-files '\.pre-commit-config\.yaml' \
--exclude-files '\.mypy_cache' \
--exclude-files '\.pytest_cache' \
--exclude-files '\.tox' \
--exclude-files '\.venv' \
--exclude-files 'venv' \
--exclude-files 'dist' \
--exclude-files 'build' \
--exclude-files '.*\.egg-info' \
--exclude-files '.*\.tfstate' \
--exclude-files '.*\.tfvars' \
> .secrets.baseline
🗒️ Summary
Updates related to the MCP Prod deployment and code / document improvements
♻️ Related Issues
#90
Deploy Nucleus in Production env