Shared.pkl
import "./Builtins.pkl"
import "./Config.pkl"
// GitHub Actions workflow linting: amends the built-in actionlint step.
actionlint = (Builtins.actionlint) {
  // run the tool through mise
  prefix = "mise x actionlint --"

  // Managed tf-* workflows are generated and therefore skipped; they are not
  // linted by this step.
  exclude = List(".github/workflows/tf-*")

  // XXX Extending the glob to action.yml/action.yaml files was tried, but
  // actionlint does not support those files at the moment:
  // glob = List(".github/workflows/*.yml", ".github/workflows/*.yaml", "action.yml", "action.yaml")
}
// Formatting via prettier: amends the built-in prettier step.
prettier = (Builtins.prettier) {
  // run the tool through mise
  prefix = "mise x prettier --"

  // generated/managed files are left alone
  exclude = List(".github/workflows/tf-*", "CHANGELOG.md")

  // batching seems to cause problems when combined with `mise x`, so it is off
  batch = false
}
// Pinned pkl release, shared by the pkl and pklformat steps.
// The renovate marker must stay directly above the version it updates.
// renovate: datasource=github-tags depName=apple/pkl
local pkl_version = "0.30.1"

// every pkl invocation goes through mise with exactly that version
local pkl_prefix = "mise x pkl@\(pkl_version) --"

// built-in pkl step, run with the pinned toolchain
pkl = (Builtins.pkl) {
  prefix = pkl_prefix
}
// Built-in pkl formatter step, run with the same prefix as the pkl step.
// Note: supported since pkl 0.30 - https://pkl-lang.org/main/current/release-notes/0.30.html
pklformat = (Builtins.pkl_format) {
  prefix = pkl_prefix
}
// Spotless through the Gradle wrapper: `spotlessCheck` verifies, `spotlessApply` fixes.
// Importing this step assumes the project uses Gradle (see the TODO at the end).
spotlessGradle = new Config.Step {
  // restrict to the file types of the default Spotless configuration to avoid unnecessary runs
  glob = List("*.gradle", "*.java", "*.scala", "*.sc", "*.groovy", "*.kt", "*.kts", "*.md")

  // verification only; the wrapper script differs on Windows
  check = new Config.Script {
    windows = "gradlew.bat spotlessCheck"
    linux = "./gradlew spotlessCheck"
    macos = "./gradlew spotlessCheck"
  }

  // rewrites files in place
  fix = new Config.Script {
    windows = "gradlew.bat spotlessApply"
    linux = "./gradlew spotlessApply"
    macos = "./gradlew spotlessApply"
  }

  // Only run if Gradle wrapper exists - FIXME does this work with Windows?
  // condition = "test -d gradle/wrapper" FIXME does not actually work like this - based on outdated example
  // TODO reevaluate at a later time if we can add such a condition, for now we assume if this is imported, the project uses Gradle
}
// Secret detection tools

// https://github.com/Yelp/detect-secrets
detectsecrets = new Config.Step {
  // run the tool through mise (installed via pipx)
  prefix = "mise x pipx:detect-secrets --"

  // Needs a baseline; create it with `detect-secrets scan > .secrets.baseline`.
  // The check fails if the baseline file does not exist.
  // Findings already recorded in the baseline are not reported again, so review
  // a new baseline (`detect-secrets audit .secrets.baseline`) before committing it.
  check = "detect-secrets-hook --baseline .secrets.baseline {{files}}"
}
// https://github.com/sirwart/ripsecrets
ripsecrets = new Config.Step {
  // NOTE(review): no version is pinned here (unlike gitleaks); presumably the
  // project's mise configuration decides which release runs - confirm.
  prefix = "mise x ripsecrets --"

  // scans only the files passed in by the hook runner
  check = "ripsecrets {{files}}"
}
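// https://github.com/gitleaks/gitleaks
gitleaks = new Config.Step {
  // don't use latest as there may be breaking changes (even for minor version updates)
  // renovate: datasource=github-tags depName=gitleaks/gitleaks
  local gitleaks_version = "8.30.0"

  // run the pinned release through mise
  prefix = "mise x gitleaks@\(gitleaks_version) --"

  // -v prints every finding; --redact keeps the matched secret value itself out
  // of terminal and CI logs, while file and line are still reported.
  // XXX scans whole folder if there are multiple files (see https://github.com/gitleaks/gitleaks/issues/1727)
  check = "gitleaks dir -v --redact {{files}}"
}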
// https://github.com/trufflesecurity/trufflehog
trufflehog = new Config.Step {
  // run the tool through mise
  prefix = "mise x trufflehog --"

  // --fail makes the step exit non-zero when results are found.
  // NOTE(review): trufflehog verifies candidate credentials against the issuing
  // service by default, so this step makes network calls; `--no-verification`
  // turns that off if hooks must run offline - confirm which behaviour is wanted.
  check = "trufflehog filesystem {{files}} --fail"
}
// https://trivy.dev/docs/latest/scanner/secret/
trivysecrets = new Config.Step {
  // NOTE(review): no version is pinned here (unlike gitleaks); presumably the
  // project's mise configuration decides which release runs - confirm.
  prefix = "mise x trivy --"

  // Note: trivy fs can only take one file/path as argument, so the whole current
  // directory is scanned instead of the files handed over by the hook runner.
  // Only the secret scanner is enabled; --exit-code 1 fails the step on findings.
  check = "trivy fs --exit-code 1 --scanners secret ."
}