Added .gitallowed and updated Readme accordingly (#145)

eperegrine · JohnEllwoodBJSS · web-flow · commit 4622c7efd4cc · 2021-06-02T13:23:30.000+01:00
* Added .gitallowed and updated Readme accordingly

* Removed js map files from secret scan allowed list

* Update nhsd-git-secrets/.gitallowed-base

Co-authored-by: JohnEllwoodBJSS &lt;42967702+JohnEllwoodBJSS@users.noreply.github.com&gt;

Co-authored-by: JohnEllwoodBJSS &lt;42967702+JohnEllwoodBJSS@users.noreply.github.com&gt;
diff --git a/nhsd-git-secrets/.gitallowed-base b/nhsd-git-secrets/.gitallowed-base
@@ -0,0 +1,9 @@
+.*git-secrets/.*:*
+.*terraform.tfstate.*:*
+.*.svg:*
+.*.jquery.*.js:*
+.*engine_version*
+.*127.0.0.1*
+.*assembly: AssemblyVersion*
+.*assembly: AssemblyFileVersion*
+.*Version=*
diff --git a/nhsd-git-secrets/README-mac-workstation.md b/nhsd-git-secrets/README-mac-workstation.md
@@ -4,29 +4,32 @@ Ensure you have the pre-commit framework set up first:
 
 https://pre-commit.com/
 
-TL;DR:
+## TL;DR
 
-* pre-commit --version (to check whether it's installed)
-* brew install pre-commit
-* cd <texasd infra repo root>
-* pre-commit install
+* `pre-commit --version` (to check whether it's installed)
+* `brew install pre-commit`
+* `cd <project repo root>`
+* `pre-commit install`
 
-Once you have pre-commit installed then:
+## Setup
 
-* cd nhsd-git-secrets
-* cp git-secrets ..
+Make sure to copy the nhd-git-secrets folder into the root of the project repository, and then navigate the terminal to the repo root
+
+* `cd nhsd-git-secrets`
+* `cp git-secrets ..`
+* `cp .gitallowed-base ../.gitallowed`
 
 Then if you don't have an existing .pre-commit-config.yaml in the root of your repo:
 
-* cp .pre-commit-config.example.yaml ../.pre-commit-config.yaml
+* `cp .pre-commit-config.example.yaml ../.pre-commit-config.yaml`
 
 Otherwise integrate the git-secrets example config into your existing file.
 
 Then:
 
-* cd ..
-* pre-commit install
-* git add .pre-commit-config.yaml
+* `cd ..`
+* `pre-commit install`
+* `git add .pre-commit-config.yaml`
 
 Next time you do a commit the git secrets hook should be invoked.
 
@@ -37,9 +40,7 @@ Next time you do a commit the git secrets hook should be invoked.
 
  `git secrets --add-provider -- cat git-secrets/nhsd-rules.txt`
 
-* Add file/dir excludes within wrapper.sh e.g.
-
- `git secrets --add --allowed '.*terraform.tfstate.*:*'`
+* Add file/dir excludes within .gitallowed, e.g. `.*terraform.tfstate.*:*`
 
 * Control full scan vs staged files scan within wrapper.sh by commenting/uncommenting the mode to run e.g.:
 
diff --git a/nhsd-git-secrets/pre-commit-mac.sh b/nhsd-git-secrets/pre-commit-mac.sh
@@ -4,8 +4,6 @@
 
 # These only need to be run once per workstation but are included to try and ensure they are present
 ./git-secrets --add-provider -- cat nhsd-git-secrets/nhsd-rules-linux-mac.txt
-./git-secrets --add --allowed '.*git-secrets/.*:*'
-./git-secrets --add --allowed '.*terraform.tfstate.*:*'
 
 # Just scan the files changed in this commit
 ./git-secrets --pre_commit_hook
diff --git a/nhsd-git-secrets/scan-repo-linux-mac.sh b/nhsd-git-secrets/scan-repo-linux-mac.sh
@@ -7,8 +7,6 @@ export PATH=$PATH:.
 # # These only need to be run once per workstation/slave/agent but are included to try and ensure they are present
 ./git-secrets --register-aws
 ./git-secrets --add-provider -- cat nhsd-git-secrets/nhsd-rules-linux-mac.txt
-./git-secrets --add --allowed '.*git-secrets/.*:*'
-./git-secrets --add --allowed '.*terraform.tfstate.*:*'
 
 # Scan all files within this repo for this commit
 ./git-secrets --scan
