Refactor

Author: stefaniuk

.editorconfig

@@ -8,6 +8,9 @@ indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
 
+[*.md]
+indent_size = unset
+
 [*.py]
 indent_size = 4
 

.github/workflows/cicd-pipeline.yaml

@@ -2,26 +2,27 @@ name: CI/CD Pipeline
 
 on:
   push:
-    branches:
-      - main
   pull_request:
     branches:
       - main
+    types: [opened, synchronize, reopened]
 
 jobs:
-  get-datetime:
+  get-metadata:
     runs-on: ubuntu-latest
     outputs:
-      datetime: ${{ steps.datetime.outputs.datetime }}
-      timestamp: ${{ steps.datetime.outputs.timestamp }}
-      epoch: ${{ steps.datetime.outputs.epoch }}
+      build_datetime: ${{ steps.metadata.outputs.build_datetime }}
+      build_timestamp: ${{ steps.metadata.outputs.build_timestamp }}
+      build_epoch: ${{ steps.metadata.outputs.build_epoch }}
     steps:
-      - id: datetime
+      - id: metadata
         run: |
           datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
-          echo "datetime=$datetime" >> $GITHUB_OUTPUT
-          echo "timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-          echo "epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
+          echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
+          echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+          echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
+  scan-secrets:
+    uses: ./.github/workflows/scan-secrets.yaml
   check-file-format:
     uses: ./.github/workflows/check-file-format.yaml
   check-markdown-format:
@@ -31,15 +32,21 @@ jobs:
   cicd-pipeline-test:
     runs-on: ubuntu-latest
     needs:
-      [get-datetime, check-file-format, check-markdown-format, cloc-repository]
+      [
+        get-metadata,
+        scan-secrets,
+        check-file-format,
+        check-markdown-format,
+        cloc-repository,
+      ]
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v3
       - name: List Variables
         run: |
-          export BUILD_DATETIME="${{ needs.get-datetime.outputs.datetime }}"
-          export BUILD_TIMESTAMP="${{ needs.get-datetime.outputs.timestamp }}"
-          export BUILD_EPOCH="${{ needs.get-datetime.outputs.epoch }}"
+          export BUILD_DATETIME="${{ needs.get-metadata.outputs.build_datetime }}"
+          export BUILD_TIMESTAMP="${{ needs.get-metadata.outputs.build_timestamp }}"
+          export BUILD_EPOCH="${{ needs.get-metadata.outputs.build_epoch }}"
           make list-variables
       - name: Run Functional Test Suite
         run: |

.github/workflows/scan-secrets.yaml

@@ -0,0 +1,15 @@
+name: Scan Secrets
+
+on:
+  workflow_call:
+
+jobs:
+  secret-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - run: |
+          export ALL_FILES=true
+          ./scripts/githooks/secret-scan-pre-commit.sh

.gitleaks.toml

@@ -0,0 +1,9 @@
+# SEE: https://github.com/gitleaks/gitleaks/#configuration
+
+[extend]
+useDefault = true # SEE: https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml
+
+[[rules]]
+description = "IPv4"
+id = "ipv4"
+regex = '''[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'''

.gitleaksignore

@@ -0,0 +1 @@
+# SEE: https://github.com/gitleaks/gitleaks/blob/master/README.md#gitleaksignore

.vscode/extensions.json

@@ -1,30 +1,25 @@
 {
   "recommendations": [
     "alefragnani.bookmarks",
-    "amazonwebservices.aws-toolkit-vscode",
     "davidanson.vscode-markdownlint",
     "dbaeumer.vscode-eslint",
     "donjayamanne.githistory",
     "eamodio.gitlens",
     "editorconfig.editorconfig",
     "esbenp.prettier-vscode",
     "github.codespaces",
-    "github.copilot",
     "github.github-vscode-theme",
     "github.remotehub",
     "github.vscode-github-actions",
     "github.vscode-pull-request-github",
-    "golang.go",
-    "hashicorp.terraform",
     "hediet.vscode-drawio",
     "johnpapa.vscode-peacock",
     "mhutchie.git-graph",
     "ms-azuretools.vscode-docker",
-    "ms-kubernetes-tools.vscode-kubernetes-tools",
-    "ms-python.python",
     "ms-vscode-remote.remote-containers",
     "ms-vscode-remote.remote-wsl",
     "ms-vscode.hexeditor",
+    "ms-vscode.live-server",
     "ms-vsliveshare.vsliveshare",
     "redhat.vscode-xml",
     "streetsidesoftware.code-spell-checker-british-english",
@@ -37,5 +32,5 @@
     "yzhang.dictionary-completion",
     "yzhang.markdown-all-in-one"
   ],
-  "unwantedRecommendations": ["ms-vscode.makefile-tools"]
+  "unwantedRecommendations": []
 }

.vscode/settings.json

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -e
+
+# Pre-commit git hook to scan for secrets hardcoded in the codebase.
+#
+# Usage:
+#   $ ./secret-scan-pre-commit.sh
+#
+# Options:
+#   ALL_FILES=true  # Scan whole git history or 'last-commit', default is `false`
+#   VERBOSE=true    # Show all the executed commands, default is `false`
+#
+# Exit codes:
+#   0 - No leaks present
+#   1 - Leaks or error encountered
+#   126 - Unknown flag
+
+# ==============================================================================
+
+image_version=v8.16.3@sha256:05b48ff3f4fd7daa9487b42cbf9d576f2dc0dbe2551e3d0a8738e18ba2278091
+
+# ==============================================================================
+
+function main() {
+
+  if is_arg_true "$ALL_FILES"; then
+    # Scan whole git history
+    cmd="detect --source=/scan --verbose --redact"
+  elif [ "$ALL_FILES" == "last-commit" ]; then
+    # Scan the last commit
+    cmd="detect --source=/scan --verbose --redact --log-opts=-1"
+  else
+    # Scan staged files only
+    cmd="protect --source=/scan --verbose --staged"
+  fi
+
+  docker run --rm --platform linux/amd64 \
+    --volume=$PWD:/scan \
+    --workdir=/scan \
+    ghcr.io/gitleaks/gitleaks:$image_version \
+      $cmd
+}
+
+function is_arg_true() {
+
+  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# ==============================================================================
+
+is_arg_true "$VERBOSE" && set -x
+
+main $*
+
+exit 0