Load signatures only once

This was manifesting in tests - if we kept loading signatures, they were
being added to the list of signatures, which was causing double matches

Author: jhrozek

src/codegate/pipeline/secrets/signatures.py

@@ -155,6 +155,11 @@ def _sanitize_pattern(cls, pattern: str) -> str:
     @classmethod
     def _add_signature_group(cls, name: str, patterns: Dict[str, str]) -> None:
         """Add a new signature group and compile its regex patterns."""
+        # Check if this group already exists
+        if any(group.name == name for group in cls._signature_groups):
+            logger.debug(f"Signature group {name} already exists, skipping")
+            return
+
         signature_group = SignatureGroup(name, patterns)
 
         for pattern_name, pattern in patterns.items():

tests/pipeline/secrets/test_signatures.py

@@ -167,3 +167,26 @@ def test_duplicate_patterns():
         assert match.value == "AKIAIOSFODNN7EXAMPLE"
     finally:
         os.unlink(f.name)
+
+
+def test_no_duplicate_signature_groups(temp_yaml_file):
+    """Test that signature groups aren't added multiple times"""
+    CodegateSignatures.initialize(temp_yaml_file)
+
+    # First load
+    CodegateSignatures._signatures_loaded = False
+    CodegateSignatures._load_signatures()
+    initial_group_count = len(CodegateSignatures._signature_groups)
+    initial_regex_count = len(CodegateSignatures._compiled_regexes)
+
+    # Second load
+    CodegateSignatures._signatures_loaded = False
+    CodegateSignatures._load_signatures()
+
+    # Verify counts haven't changed
+    assert len(CodegateSignatures._signature_groups) == initial_group_count
+    assert len(CodegateSignatures._compiled_regexes) == initial_regex_count
+
+    # Verify GitHub group appears only once
+    github_groups = [g for g in CodegateSignatures._signature_groups if g.name == "GitHub"]
+    assert len(github_groups) == 1