Skip to content

Added installer selection for Gitleaks secret scanning.#2781

Merged
AlexSkrypnyk merged 5 commits into
mainfrom
feature/installer-gitleaks
Jul 9, 2026
Merged

Added installer selection for Gitleaks secret scanning.#2781
AlexSkrypnyk merged 5 commits into
mainfrom
feature/installer-gitleaks

Conversation

@AlexSkrypnyk

@AlexSkrypnyk AlexSkrypnyk commented Jul 9, 2026

Copy link
Copy Markdown
Member

Summary

Makes the Gitleaks secret-scanning CI step (added to Vortex CI in the 1.40 release) selectable in the installer, instead of being shipped unconditionally to every generated project. The new prompt defaults to enabled, so the out-of-the-box behavior for existing installer flows is unchanged.

Changes

  • New handler .vortex/installer/src/Prompts/Handlers/Gitleaks.php: a Confirm prompt in the "Continuous Integration" section, defaulting to enabled. On opt-out, its process() removes the Gitleaks CI step from both CI providers (via the new CI_GITLEAKS fence token) and deletes the .gitleaks.toml config file.
  • CI configs: the Gitleaks step in .github/workflows/build-test-deploy.yml and .circleci/config.yml is now wrapped in #;< CI_GITLEAKS / #;> CI_GITLEAKS conditional fences, the established token pattern already used by TOOL_PHPCS, MODULE_SDC_DEVEL, and others. When enabled (default) the markers are stripped and the step is retained byte-identical to before; when disabled the fenced block is removed entirely.
  • .vortex/installer/src/Prompts/PromptManager.php: registered the handler (import, prompt added to the CI section after Visual regression, reverse-order processor entry, response-summary line) and bumped TOTAL_RESPONSES from 35 to 36.
  • Tests: added .vortex/installer/tests/Functional/Handlers/GitleaksHandlerProcessTest.php covering enabled and disabled scenarios; added a gitleaks entry in AbstractHandlerTypeTest; and registered the new prompt in the shared AbstractHandlerDiscoveryTestCase expectation helpers (getExpectedDefaults, getExpectedInstalled, defaultTuiAnswers), which the ~30 handler-discovery tests assert against as a complete responses array.
  • Regenerated artifacts: the gitleaks_disabled snapshot fixture under .vortex/installer/tests/Fixtures/handler_process/ was regenerated to match the new handler output, and the installer demo video (installer.json/.svg/.png) was regenerated to record the new 36-prompt flow.

Screenshots

N/A - this is a non-visual change (installer PHP logic, CI YAML fencing, and regenerated test fixtures/demo video).

Before / After

Installer prompt flow - "Continuous Integration" section:

BEFORE                                   AFTER
─────────────────────                    ──────────────────────────────────────
Continuous Integration                   Continuous Integration
├─ CI provider                           ├─ CI provider
└─ Visual regression testing             ├─ Visual regression testing
                                          └─ Scan for committed secrets with
                                             Gitleaks?        [new, default: Yes]

CI YAML step - unconditional versus fenced/conditional:

BEFORE (always shipped)                  AFTER (installer-controlled)
────────────────────────                 ──────────────────────────────────────
┌──────────────────────────┐             ┌──────────────────────────────────┐
│ - Lint Docker Compose      │             │ - Lint Docker Compose              │
│   (DCLint)                 │             │   (DCLint)                         │
│ - Scan for committed       │             │ #;< CI_GITLEAKS                    │
│   secrets (Gitleaks)       │             │ - Scan for committed secrets       │
│ - Build stack              │             │   (Gitleaks)                       │
└──────────────────────────┘             │ #;> CI_GITLEAKS                    │
                                          │ - Build stack                      │
                                          └──────────────────────────────────┘

                                          Gitleaks prompt = Yes (default)
                                            → fences stripped, step kept as-is
                                          Gitleaks prompt = No
                                            → fenced block removed entirely

Summary by CodeRabbit

  • New Features
    • Added an optional secret-scanning step during installation, with the selected result reflected in the setup summary.
  • Bug Fixes
    • When secret scanning is disabled, the installer now cleans up associated temporary configuration and disables related CI secret-scanning behavior to match your selection.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ec9dbbc5-75e5-4382-94cb-52a5c37b86d4

📥 Commits

Reviewing files that changed from the base of the PR and between ff755fb and 53d6fde.

📒 Files selected for processing (1)
  • .vortex/installer/tests/Unit/Handlers/AbstractHandlerDiscoveryTestCase.php

Walkthrough

This PR adds a new Gitleaks installer prompt, wires it through prompt execution and summary output, marks the existing CI Gitleaks steps, and updates handler tests and fixtures.

Changes

Gitleaks Installer Handler

Layer / File(s) Summary
Gitleaks handler implementation
.vortex/installer/src/Prompts/Handlers/Gitleaks.php
New Gitleaks handler class with label, hint, default enabled state, .gitleaks.toml discovery, and cleanup logic for disabled runs.
PromptManager wiring
.vortex/installer/src/Prompts/PromptManager.php
Imports Gitleaks, increments TOTAL_RESPONSES to 36, adds it to the CI prompt section, includes it in runProcessors(), and adds its boolean result to getResponsesSummary().
CI marker wrapping
.circleci/config.yml, .github/workflows/build-test-deploy.yml
Existing Gitleaks scan steps are wrapped with CI_GITLEAKS internal markers without changing the command or error-handling behavior.
Handler tests and fixtures
.vortex/installer/tests/Functional/Handlers/GitleaksHandlerProcessTest.php, .vortex/installer/tests/Unit/Handlers/AbstractHandlerTypeTest.php, .vortex/installer/tests/Unit/Handlers/AbstractHandlerDiscoveryTestCase.php
Functional coverage for enabled/disabled processing plus unit fixtures for confirm-type inference and default/discovery responses.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • drevops/vortex#2516: Both PRs change PromptManager prompt/processor wiring and adjust TOTAL_RESPONSES for a new installer handler.
  • drevops/vortex#2681: Both PRs integrate a new prompt handler into the same installer flow, including prompt registration and response summary updates.

Suggested labels: Needs review, A2

Poem

I’m a rabbit with a nose for scans,
Hopping through configs and prompt plans.
Gitleaks joins the installer light,
Marked in CI, tidy and right,
And I nibble tests till they pass just fine. 🐰

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding installer selection for Gitleaks secret scanning.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/installer-gitleaks

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.vortex/installer/tests/Functional/Handlers/GitleaksHandlerProcessTest.php:
- Around line 13-20: The data provider in dataProviderHandlerProcess currently
includes both enabled and disabled Gitleaks cases, but Gitleaks::default()
already covers the enabled baseline. Remove the gitleaks_enabled dataset and
keep only gitleaks_disabled so the test focuses on the only path that produces a
snapshot diff, while leaving the Gitleaks::id() prompt setup intact.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 54de9dd8-f651-4926-81e9-79d6049d57bd

📥 Commits

Reviewing files that changed from the base of the PR and between ef25a67 and ff755fb.

⛔ Files ignored due to path filters (4)
  • .vortex/docs/static/img/installer.png is excluded by !**/*.png
  • .vortex/docs/static/img/installer.svg is excluded by !**/*.svg
  • .vortex/installer/tests/Fixtures/handler_process/gitleaks_disabled/-.gitleaks.toml is excluded by !.vortex/installer/tests/Fixtures/**
  • .vortex/installer/tests/Fixtures/handler_process/gitleaks_disabled/.github/workflows/build-test-deploy.yml is excluded by !.vortex/installer/tests/Fixtures/**
📒 Files selected for processing (7)
  • .circleci/config.yml
  • .github/workflows/build-test-deploy.yml
  • .vortex/docs/static/img/installer.json
  • .vortex/installer/src/Prompts/Handlers/Gitleaks.php
  • .vortex/installer/src/Prompts/PromptManager.php
  • .vortex/installer/tests/Functional/Handlers/GitleaksHandlerProcessTest.php
  • .vortex/installer/tests/Unit/Handlers/AbstractHandlerTypeTest.php

@github-actions

This comment has been minimized.

@AlexSkrypnyk

This comment has been minimized.

2 similar comments
@AlexSkrypnyk

This comment has been minimized.

@AlexSkrypnyk

This comment has been minimized.

@codecov

codecov Bot commented Jul 9, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 80.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.23%. Comparing base (ef25a67) to head (518dcf2).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...Unit/Handlers/AbstractHandlerDiscoveryTestCase.php 0.00% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2781      +/-   ##
==========================================
- Coverage   86.69%   86.23%   -0.47%     
==========================================
  Files          96       90       -6     
  Lines        4727     4583     -144     
  Branches       47        3      -44     
==========================================
- Hits         4098     3952     -146     
- Misses        629      631       +2     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@AlexSkrypnyk

This comment has been minimized.

@github-actions

This comment has been minimized.

@AlexSkrypnyk

This comment has been minimized.

1 similar comment
@AlexSkrypnyk

This comment has been minimized.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

📖 Documentation preview for this pull request has been deployed to Netlify:

https://6a4f3406be3dda47868f8259--vortex-docs.netlify.app

This preview is rebuilt on every commit and is not the production documentation site.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Code coverage (threshold: 90%)

  Classes: 100.00% (1/1)
  Methods: 100.00% (2/2)
  Lines:   98.55% (204/207)
Per-class coverage
Drupal\ys_demo\Plugin\Block\CounterBlock
  Methods: 100.00% ( 2/ 2)   Lines: 100.00% ( 10/ 10)

@AlexSkrypnyk

This comment has been minimized.

2 similar comments
@AlexSkrypnyk

This comment has been minimized.

@AlexSkrypnyk

Copy link
Copy Markdown
Member Author

Code coverage (threshold: 90%)

  Classes: 100.00% (1/1)
  Methods: 100.00% (2/2)
  Lines:   98.55% (204/207)
Per-class coverage
Drupal\ys_demo\Plugin\Block\CounterBlock
  Methods: 100.00% ( 2/ 2)   Lines: 100.00% ( 10/ 10)

@AlexSkrypnyk AlexSkrypnyk merged commit 7957832 into main Jul 9, 2026
34 checks passed
@AlexSkrypnyk AlexSkrypnyk deleted the feature/installer-gitleaks branch July 9, 2026 05:44
@github-project-automation github-project-automation Bot moved this from BACKLOG to Release queue in Vortex 1.x Jul 9, 2026
@AlexSkrypnyk AlexSkrypnyk added the Needs review Pull request needs a review from assigned developers label Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Needs review Pull request needs a review from assigned developers

Projects

Status: Release queue

Development

Successfully merging this pull request may close these issues.

1 participant