From 60e9a6c3e6f2eb26d6f85962af776c46d8e230bd Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 31 Aug 2021 10:24:01 -0700 Subject: [PATCH 01/41] Create gradle-build.yml --- .github/workflows/gradle-build.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/gradle-build.yml diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml new file mode 100644 index 000000000..fb3fd6240 --- /dev/null +++ b/.github/workflows/gradle-build.yml @@ -0,0 +1,30 @@ +# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle + +name: Java CI with Gradle + +on: + push: + branches: [ dev, master ] + pull_request: + branches: [ dev, master ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Easy detect-secrets + uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + cache: gradle + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Build with Gradle + run: ./gradlew build From cfabc037b5fa8f5408a4a61b89701a76ce6d8a6c Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 31 Aug 2021 11:56:07 -0700 Subject: [PATCH 02/41] Update .github/workflows/gradle-build.yml Co-authored-by: Vincent Biret --- .github/workflows/gradle-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index fb3fd6240..3228f121a 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -21,7 +21,7 @@ jobs: - name: Set up JDK 11 uses: actions/setup-java@v2 with: - java-version: '11' + java-version: '16' distribution: 'adopt' cache: gradle - name: Grant execute permission for gradlew From e9cd912340a01ccec5d276ac936546ed4fa537ab Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:17:12 -0700 Subject: [PATCH 03/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 3228f121a..c753039a0 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -4,10 +4,21 @@ name: Java CI with Gradle on: - push: - branches: [ dev, master ] pull_request: - branches: [ dev, master ] + branches: [ dev, master ] + paths-ignore: + - .gradle/wrapper + - .gitignore + - CONTRIBUTING.md + - LICENSE + - THIRD PARTY NOTICES + - gradle.properties + - gradlew + - gradlew.bat + - readme.md + - settings.gradle + - Scripts/* + jobs: build: From 1ab39c1ce123ed9498c8971034843410fa139186 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:26:52 -0700 Subject: [PATCH 04/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index c753039a0..6d7abe071 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -18,18 +18,22 @@ on: - readme.md - settings.gradle - Scripts/* + workflow_dispatch: + inputs: + purpose: + description: 'Purpose of Build' + required: false + default: 'Test' - jobs: build: - runs-on: ubuntu-latest - + steps: - uses: actions/checkout@v2 - name: Easy detect-secrets uses: RobertFischer/detect-secrets-action@v2.0.0 - - name: Set up JDK 11 + - name: Set up JDK 16 uses: actions/setup-java@v2 with: java-version: '16' From fe175acae764be9668902c800056c46188715198 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:31:48 -0700 Subject: [PATCH 05/41] Upload Artefacts --- .github/workflows/gradle-build.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 6d7abe071..fa4a2ce19 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -31,15 +31,38 @@ jobs: steps: - uses: actions/checkout@v2 + - name: Easy detect-secrets uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Set up JDK 16 uses: actions/setup-java@v2 with: java-version: '16' distribution: 'adopt' cache: gradle + - name: Grant execute permission for gradlew run: chmod +x gradlew + - name: Build with Gradle run: ./gradlew build + + - name: Upload a Build Artifact + uses: actions/upload-artifact@v2.2.4 + with: + name: my-artifact + path: | + **/libs/* + build/generated-pom.xml + build/generated-pom.xml.asc + build.gradle + gradlew + gradlew.bat + settings.gradle + gradle.properties + **/gradle/** + Scripts/** + + + From 954a76e9ccbf029bc5ebb3cac9b4627e3fdc74c5 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:39:32 -0700 Subject: [PATCH 06/41] Update .github/workflows/gradle-build.yml Co-authored-by: Vincent Biret --- .github/workflows/gradle-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index fa4a2ce19..bc540a289 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -51,7 +51,7 @@ jobs: - name: Upload a Build Artifact uses: actions/upload-artifact@v2.2.4 with: - name: my-artifact + name: drop path: | **/libs/* build/generated-pom.xml From 215393ff7758abf06709269b8adbafa7f0f2b60d Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:45:48 -0700 Subject: [PATCH 07/41] Update gradle-build.yml Revert to onPush --- .github/workflows/gradle-build.yml | 40 +++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index bc540a289..00d961ee7 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -4,20 +4,36 @@ name: Java CI with Gradle on: + push: + branches: [ dev, master ] + paths: + - 'src/*' + - '!.gradle/wrapper' + - '!.gitignore' + - '!CONTRIBUTING.md' + - '!LICENSE' + - '!THIRD PARTY NOTICES' + - '!gradle.properties' + - '!gradlew' + - '!gradlew.bat' + - '!readme.md' + - '!settings.gradle' + - '!Scripts/*' pull_request: branches: [ dev, master ] - paths-ignore: - - .gradle/wrapper - - .gitignore - - CONTRIBUTING.md - - LICENSE - - THIRD PARTY NOTICES - - gradle.properties - - gradlew - - gradlew.bat - - readme.md - - settings.gradle - - Scripts/* + paths: + - 'src/*' + - '!.gradle/wrapper' + - '!.gitignore' + - '!CONTRIBUTING.md' + - '!LICENSE' + - '!THIRD PARTY NOTICES' + - '!gradle.properties' + - '!gradlew' + - '!gradlew.bat' + - '!readme.md' + - '!settings.gradle' + - '!Scripts/*' workflow_dispatch: inputs: purpose: From c353b17a9224f56ceb4820f4934671df932668d4 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 1 Sep 2021 12:58:38 -0700 Subject: [PATCH 08/41] Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update .github/workflows/gradle-build.yml Update gradle-build.yml Co-Authored-By: Vincent Biret --- .github/workflows/gradle-build.yml | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 00d961ee7..a7595974a 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -10,30 +10,20 @@ on: - 'src/*' - '!.gradle/wrapper' - '!.gitignore' - - '!CONTRIBUTING.md' - '!LICENSE' - '!THIRD PARTY NOTICES' - - '!gradle.properties' - - '!gradlew' - - '!gradlew.bat' - - '!readme.md' - - '!settings.gradle' - - '!Scripts/*' + - '!*.md' + - '*.gradle' pull_request: branches: [ dev, master ] paths: - 'src/*' - '!.gradle/wrapper' - '!.gitignore' - - '!CONTRIBUTING.md' - '!LICENSE' - '!THIRD PARTY NOTICES' - - '!gradle.properties' - - '!gradlew' - - '!gradlew.bat' - - '!readme.md' - - '!settings.gradle' - - '!Scripts/*' + - '!*.md' + - '*.gradle' workflow_dispatch: inputs: purpose: From 0bbbc91e043af2ab907fdd12d70545869f18ca8b Mon Sep 17 00:00:00 2001 From: ramsessanchez Date: Wed, 1 Sep 2021 16:06:02 -0700 Subject: [PATCH 09/41] Pwshl script to decode value and write to file --- scripts/decodeAndWrite.ps1 | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 scripts/decodeAndWrite.ps1 diff --git a/scripts/decodeAndWrite.ps1 b/scripts/decodeAndWrite.ps1 new file mode 100644 index 000000000..29a5a2a4f --- /dev/null +++ b/scripts/decodeAndWrite.ps1 @@ -0,0 +1,31 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +<# +.Synopsis + Decode the encoded string and write it to a local file. +.Description + Recieves an encoded string value and decodes it using base64. + Write the new decoded string to a local file for later consumption. +.Parameter encodedValue + The encoded string we wish to decode. +.Parameter outputPath + The file path that we wish to write the decoded value to. +#> + +Param( + [string]$encodedValue , + [string]$outputPath +) + +if($outputPath -eq "" -or $null -eq $outputPath) { + Write-Output "Value of Variable: outputPath is Null or Empty. Exiting." + Exit +} +if($encodedValue -eq "" -or $null -eq $encodedValue) { + Write-Output "Value of Variable: encodedValue is Null of Empty. Exiting." + Exit +} + +$decodedValue = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedValue)) +$decodedValue | Out-File -FilePath $outputPath From 9b6bd5366690f27341b103fc81711ed3f2259d33 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 2 Sep 2021 11:04:16 -0700 Subject: [PATCH 10/41] Update decodeAndWrite.ps1 --- scripts/decodeAndWrite.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/decodeAndWrite.ps1 b/scripts/decodeAndWrite.ps1 index 29a5a2a4f..8a0045bae 100644 --- a/scripts/decodeAndWrite.ps1 +++ b/scripts/decodeAndWrite.ps1 @@ -27,5 +27,5 @@ if($encodedValue -eq "" -or $null -eq $encodedValue) { Exit } -$decodedValue = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedValue)) -$decodedValue | Out-File -FilePath $outputPath +$decodedValue = [System.Convert]::FromBase64String($encodedValue) +Set-Content $outputPath -Value $decodedValue -Encoding Byte From a8bd66a580962245daed0cbbccd8e4ea0cc21c36 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 2 Sep 2021 11:48:04 -0700 Subject: [PATCH 11/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index a7595974a..f35885dcd 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -47,6 +47,13 @@ jobs: java-version: '16' distribution: 'adopt' cache: gradle + + ##Copy the Step below for the other files with the appropriate values + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $ENCODED_VALUE -outputPath $OUTPUT_PATH + shell: pwsh + env: + ENCODED_VALUE: "" + OUPUT_PATH: "" - name: Grant execute permission for gradlew run: chmod +x gradlew From 6bd8e0c7e84d53424b7d611475a69516e5c1028a Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 2 Sep 2021 13:07:34 -0700 Subject: [PATCH 12/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 77 ++++++++++++++---------------- 1 file changed, 36 insertions(+), 41 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index f35885dcd..469194f1e 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -34,48 +34,43 @@ on: jobs: build: runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Easy detect-secrets - uses: RobertFischer/detect-secrets-action@v2.0.0 - - - name: Set up JDK 16 - uses: actions/setup-java@v2 - with: - java-version: '16' - distribution: 'adopt' - cache: gradle - - ##Copy the Step below for the other files with the appropriate values - - run: .\scripts\decodeAndWrite.ps1 -encodedValue $ENCODED_VALUE -outputPath $OUTPUT_PATH - shell: pwsh - env: - ENCODED_VALUE: "" - OUPUT_PATH: "" - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Build with Gradle - run: ./gradlew build - - - name: Upload a Build Artifact - uses: actions/upload-artifact@v2.2.4 - with: - name: drop - path: | - **/libs/* - build/generated-pom.xml - build/generated-pom.xml.asc - build.gradle - gradlew - gradlew.bat - settings.gradle - gradle.properties - **/gradle/** - Scripts/** + - uses: actions/checkout@v2 + - name: Easy detect-secrets + uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Set up JDK 16 + uses: actions/setup-java@v2 + with: + java-version: '16' + distribution: 'adopt' + cache: gradle + + ##Copy the Step below for the other files with the appropriate values + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $ENCODED_VALUE -outputPath $OUTPUT_PATH + shell: pwsh + env: + ENCODED_VALUE: "" + OUPUT_PATH: "" + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Build with Gradle + run: ./gradlew build + - name: Upload a Build Artifact + uses: actions/upload-artifact@v2.2.4 + with: + name: drop + path: | + **/libs/* + build/generated-pom.xml + build/generated-pom.xml.asc + build.gradle + gradlew + gradlew.bat + settings.gradle + gradle.properties + **/gradle/** + Scripts/** From 948b6cdaf2418a463020bf67d7110007223900af Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 10:50:18 -0700 Subject: [PATCH 13/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 4656d4bf6..1a115b588 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -36,7 +36,7 @@ jobs: cache: gradle ##Copy the Step below for the other files with the appropriate values - - run: .\scripts\decodeAndWrite.ps1 -encodedValue $ENCODED_VALUE -outputPath $OUTPUT_PATH + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: ENCODED_VALUE: "" From dcc6a01edbb9ee3fd2741e61067188747447e28f Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 11:15:39 -0700 Subject: [PATCH 14/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 1a115b588..7d9e0db15 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -8,6 +8,7 @@ on: branches: [ dev, master ] paths: - 'src/*' + - '.github/*' - '!.gradle/wrapper' - '!.gitignore' - '!LICENSE' From 0890feee623abf7a22293859e9768ccb951451ca Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 11:30:50 -0700 Subject: [PATCH 15/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 7d9e0db15..7381e44ad 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -4,6 +4,7 @@ name: Java CI with Gradle on: + workflow_dispatch: pull_request: branches: [ dev, master ] paths: @@ -15,13 +16,7 @@ on: - '!THIRD PARTY NOTICES' - '!*.md' - '*.gradle' - workflow_dispatch: - inputs: - purpose: - description: 'Purpose of Build' - required: false - default: 'Test' - + jobs: build: runs-on: ubuntu-latest From 9e2e8be49b80347a5dd746f74a38e6ea6ddf7f51 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 11:40:24 -0700 Subject: [PATCH 16/41] Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml --- .github/workflows/gradle-build.yml | 8 ++++---- gradle.properties | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 7381e44ad..428236e03 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -4,19 +4,19 @@ name: Java CI with Gradle on: - workflow_dispatch: pull_request: branches: [ dev, master ] paths: - - 'src/*' - - '.github/*' + - 'src/**' + - '.github/**' - '!.gradle/wrapper' - '!.gitignore' - '!LICENSE' - '!THIRD PARTY NOTICES' - '!*.md' - '*.gradle' - + workflow_dispatch: + jobs: build: runs-on: ubuntu-latest diff --git a/gradle.properties b/gradle.properties index 884db4ece..296116ffc 100644 --- a/gradle.properties +++ b/gradle.properties @@ -34,7 +34,7 @@ mavenArtifactSuffix = #ex: C:\Users\username\.gradle\gradle.properties ClientId="CLIENT_ID" Username="USERNAME" -Password="PASSWORD" +#Password="PASSWORD" #enable mavenCentralPublishingEnabled to publish to maven central mavenCentralSnapshotArtifactSuffix = -SNAPSHOT From 3a5839c84d5e0357baae5adddb815233fff92d53 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 12:23:51 -0700 Subject: [PATCH 17/41] Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle.properties Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle-build.yml Update gradle-build.yml --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 296116ffc..884db4ece 100644 --- a/gradle.properties +++ b/gradle.properties @@ -34,7 +34,7 @@ mavenArtifactSuffix = #ex: C:\Users\username\.gradle\gradle.properties ClientId="CLIENT_ID" Username="USERNAME" -#Password="PASSWORD" +Password="PASSWORD" #enable mavenCentralPublishingEnabled to publish to maven central mavenCentralSnapshotArtifactSuffix = -SNAPSHOT From 5c0c01eab3869551aface8ff38ac079a71cb91d7 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 8 Sep 2021 01:58:47 -0700 Subject: [PATCH 18/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 428236e03..54069c3ff 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -30,14 +30,16 @@ jobs: java-version: '16' distribution: 'adopt' cache: gradle - - ##Copy the Step below for the other files with the appropriate values - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: - ENCODED_VALUE: "" - OUPUT_PATH: "" - + ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }} + OUPUT_PATH: .\local.properties + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH + shell: pwsh + env: + ENCODED_VALUE: ${{ secrets.SECRING_GPG }} + OUPUT_PATH: .\secring.gpg - name: Grant execute permission for gradlew run: chmod +x gradlew - name: Build with Gradle From 0424edfb3a63f58687c9b6c3de3ed3b4e6a5a214 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 2 Sep 2021 13:09:02 -0700 Subject: [PATCH 19/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 469194f1e..4656d4bf6 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -4,16 +4,6 @@ name: Java CI with Gradle on: - push: - branches: [ dev, master ] - paths: - - 'src/*' - - '!.gradle/wrapper' - - '!.gitignore' - - '!LICENSE' - - '!THIRD PARTY NOTICES' - - '!*.md' - - '*.gradle' pull_request: branches: [ dev, master ] paths: From dd06f09f68084f5d4f27942469f1cbf581174561 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 8 Sep 2021 09:47:25 -0700 Subject: [PATCH 20/41] Try Different Credscan --- .github/workflows/gradle-build.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 54069c3ff..440e8879e 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,8 +22,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Easy detect-secrets - uses: RobertFischer/detect-secrets-action@v2.0.0 + #- name: Easy detect-secrets + # uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Perform Scan + uses: ShiftLeftSecurity/scan-action@master + with: + type: "credscan,java,depscan" - name: Set up JDK 16 uses: actions/setup-java@v2 with: From 08a9f5896e72c08fd4adf9d5e43a1e58dc94af1c Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 8 Sep 2021 10:23:28 -0700 Subject: [PATCH 21/41] Add commitback for baseline file --- .github/workflows/gradle-build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 440e8879e..4c4cca70f 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,12 +22,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - #- name: Easy detect-secrets - # uses: RobertFischer/detect-secrets-action@v2.0.0 - - name: Perform Scan - uses: ShiftLeftSecurity/scan-action@master + - name: Run Yelp's detect-secrets + uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Commit back .secrets.baseline (if it was missing) + uses: stefanzweifel/git-auto-commit-action@v4 with: - type: "credscan,java,depscan" + commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file" - name: Set up JDK 16 uses: actions/setup-java@v2 with: From e2f9d20deb3d5476ac4e04f14366a1b56b1858df Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 12:46:24 -0700 Subject: [PATCH 22/41] add baselie file --- .secrets.baseline | Bin 0 -> 4872 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .secrets.baseline diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000000000000000000000000000000000000..483572e8ed2dc09075838ef51a35bd5804e834a2 GIT binary patch literal 4872 zcmd^@Yik-o6o${|LjObXb1PAE!F)?EkhJsy3WZ)+jCZ1|Rg*L=`Ri?;cV;K+rV1vy z#ZngI>^O6-?|J7;e*OGmkL{7|@D%LQ+BUJN^=)J^??-O7WJTNMQ(@-G-0HCn?83UN zj@c72p0dA{?E7@PQnFJmdh^<1YuJz-LC-O|XGrTX-()o6{n}ozV#X)T6f$ye<}6xW z&j+j7Yh>ml{X3DEAib9O&>%+b-1I#oT8jID?b!*@>srrVl93rUjBJdLvSZ@1)Xiit z&BTCThkRy9F80Xw{@QW&mi5WpF%g+z*XDEi91M<--XaR}dGi`hi0!wHMYiHnnVo`VN9^4r0BX}HFRNiI6R!cYxlx9weyTo`zMjGoO`X`NaSPSqQ%mg#`nFLP&f zfoMyL@S;xR{$0b^p{;jYfvU#PA4KjXY`RF#7#HtoE3$XMGr|{nGG%AceMjy+Mpm?7 zjqhrLKdZ9#dX_e^a>%1jEZC^iJ!VEo5+}95l`K}T6eZo8`X`;as!89+MO6RD`PXEo zjo0&iT*`Rr0Al0}SffsGki@ur?@nMn&wJ=r2j%l4UsC^LeC|8{)elB))M33M60=gw z{CD%T+*%<_r^oWYcLiE6|uqJVN~Bjrspn6%HA%;VOiNJtIeoBors}ht1%9q z>?9{y=<*ivq9lb=OWDibSs&)XpZ%uS(nI|xxm5-us=mUOlFWoKf^QUPH z28QTW4*l*5b_C3XJl$kw=8@zh^RMAz6?>OO{(nKiVJ7Fw^Ia4Kl+53e3+}%u!j_mK k@RLTN!pqb|nc8^DcQyH2=e-IC?eQEjziS^^FZo{QZxFzlzyJUM literal 0 HcmV?d00001 From 6220dbc873beeaec6366b9f8214cac879e778a89 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 12:48:53 -0700 Subject: [PATCH 23/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 4c4cca70f..11eb4ace1 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -24,10 +24,6 @@ jobs: - uses: actions/checkout@v2 - name: Run Yelp's detect-secrets uses: RobertFischer/detect-secrets-action@v2.0.0 - - name: Commit back .secrets.baseline (if it was missing) - uses: stefanzweifel/git-auto-commit-action@v4 - with: - commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file" - name: Set up JDK 16 uses: actions/setup-java@v2 with: From 0758a7bb09556acc67d6368a0d1280998f2cc1a9 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Thu, 9 Sep 2021 16:10:45 -0400 Subject: [PATCH 24/41] - fixes file encoding --- .secrets.baseline | Bin 4872 -> 2322 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 483572e8ed2dc09075838ef51a35bd5804e834a2..bbd667efb3f3b18f9378495af05be5cbe62047eb 100644 GIT binary patch literal 2322 zcmcgu+iu%141Moc7=GRi=h7DLTXzB44Z8p-FktH-C=zWGktJ7`rrFScAFZTmi*}jN zZUX|xkx1&0I)}{9y)4Tw!8$ZLKg#k^Q5KW@#jx6|(4clKIFPjUjn=a4XMEDG<{bl3(2fH*12oe)pwT|D-bcWK8C4#u5y zT%_5*TlzDz0G(z{ceFHCZjILzppq}v8w{?53NjLBH%mTnRHDVM-^SWmhmUEQv6nBlvlj?sX?wy1Kz;BKYdp=Js$K@r;VQx0w+SV{y%JX=e&)WVpB8Z2l5PfF%qOoa1J*sl9r8Owe&l}67f}*F905r6SMmIz4c1lsJ@~b}fr&$c2ZCcuv za%4d=fSd8RBl=DABafE5_7?FlW=G@s{ID8L$|*gi6!k$hhH+KPeNm65)qJvF1D_n; zJ(k3=Rzn=eHCGPq91&%xLpKLYc}=QFvn;!g-%;~~^O6-?|J7;e*OGmkL{7|@D%LQ+BUJN^=)J^??-O7WJTNMQ(@-G-0HCn?83UN zj@c72p0dA{?E7@PQnFJmdh^<1YuJz-LC-O|XGrTX-()o6{n}ozV#X)T6f$ye<}6xW z&j+j7Yh>ml{X3DEAib9O&>%+b-1I#oT8jID?b!*@>srrVl93rUjBJdLvSZ@1)Xiit z&BTCThkRy9F80Xw{@QW&mi5WpF%g+z*XDEi91M<--XaR}dGi`hi0!wHMYiHnnVo`VN9^4r0BX}HFRNiI6R!cYxlx9weyTo`zMjGoO`X`NaSPSqQ%mg#`nFLP&f zfoMyL@S;xR{$0b^p{;jYfvU#PA4KjXY`RF#7#HtoE3$XMGr|{nGG%AceMjy+Mpm?7 zjqhrLKdZ9#dX_e^a>%1jEZC^iJ!VEo5+}95l`K}T6eZo8`X`;as!89+MO6RD`PXEo zjo0&iT*`Rr0Al0}SffsGki@ur?@nMn&wJ=r2j%l4UsC^LeC|8{)elB))M33M60=gw z{CD%T+*%<_r^oWYcLiE6|uqJVN~Bjrspn6%HA%;VOiNJtIeoBors}ht1%9q z>?9{y=<*ivq9lb=OWDibSs&)XpZ%uS(nI|xxm5-us=mUOlFWoKf^QUPH z28QTW4*l*5b_C3XJl$kw=8@zh^RMAz6?>OO{(nKiVJ7Fw^Ia4Kl+53e3+}%u!j_mK k@RLTN!pqb|nc8^DcQyH2=e-IC?eQEjziS^^FZo{QZxFzlzyJUM From 27eb7b7a51761c81fa04b679baa9f9b00d80c3c4 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:26:39 -0700 Subject: [PATCH 25/41] verify secrets --- .secrets.baseline | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index bbd667efb..57c3f428e 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -95,7 +95,7 @@ "type": "Secret Keyword", "filename": "android\\gradle.properties", "hashed_secret": "112bb791304791ddcf692e29fd5cf149b35fea37", - "is_verified": false, + "is_verified": true, "line_number": 39 } ], @@ -104,7 +104,7 @@ "type": "Secret Keyword", "filename": "gradle.properties", "hashed_secret": "112bb791304791ddcf692e29fd5cf149b35fea37", - "is_verified": false, + "is_verified": true, "line_number": 37 } ] From 2c23fc5e1f70ebf93e41a4a3e4e452d5def56013 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:44:44 -0700 Subject: [PATCH 26/41] Try Credscan via Script --- .github/workflows/gradle-build.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 11eb4ace1..339a4d352 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,14 +22,24 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Run Yelp's detect-secrets - uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Setup Python + uses: actions/setup-python@v2.2.2 - name: Set up JDK 16 uses: actions/setup-java@v2 with: java-version: '16' distribution: 'adopt' cache: gradle + - name: run credscan + run: | + python -m pip install detect-secrets==1.0.3 + cp .secrets.baseline .secrets.new + detect-secrets scan --baseline .secrets.new $(find . -type f ! -name '.secrets.*' ! -path '*/.git*') + list_secrets() { jq -r '.results | keys[] as $key | "\($key),\(.[$key] | .[] | .hashed_secret)"' "$1" | sort; } + if ! diff <(list_secrets .secrets.baseline) <(list_secrets .secrets.new) >&2; then + echo "Detected new secrets in the repo" >&2 + exit 1 + fi - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: From 3959babf00a17b1f884bd34974dced6ea95e5f5b Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:56:19 -0700 Subject: [PATCH 27/41] baseline file with excluded files --- .secrets.baseline | Bin 2320 -> 4074 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 57c3f428efd859b1c83273fc25033bdb53fb0923..1d26e6f1b6b95fcb162249a31fe423e6305f9700 100644 GIT binary patch literal 4074 zcmd6qYik-o6o${|LjObYb1R8S3eC6l0;Z)GP$;y7#jaPf?pie$8}irNKJUy<)(sX+ zb%V(2>^O7o=bd-{{JycL_Qam?soACVY-%$bS!OBk$8L7t>bA#oz|8Zd)e}qX!Un8P z*%L9IvA>(|`+m1lvI{MG^V(AD*q9wb&k4HcNb55nGs<{h*jrZ2dBRMsB=>g7qV@HB zwU&KAW;N1(5s4|%Te%M%V$`cl-)o|!xWBYRYZASI4ecEnnPWp{6MU2%QvH8hFs_0}SL;Cd-^oHFn~ z6?|$x$XDU}sq3We`yTXUR9F*@>dWnGd2d%_u1y}#iFI0m2H)#f4pF)*`y?jFIxB|If9IjmAfe^YXL~Rir zRo;089<<1BAM2%Ife+J4bo>ONI>_$X=L)ef;QRzV+wamgy`VZ3H&`#zp=!^T&gdG^ zmK4>Cn8w3d!^BnF@U8>Zje#FT?j(#|r00z5_q5g7oAAl-MV`#qS$DsYdry%Stytq( zP4H)3)ZWa}7%Rto#KeM)I^9!dR7t|5E_Ee~#g(F*y@@~R%vDc%9v9L5ne#7Zria(d zJgz`IF@O{~32VdzlRU(h;vtHr#=dTK15=mjj_|m3E3LXgU4sKNvMs)!IIGH> zEXvVd7_f@bc~p`|Q!3pvxbiKvz`_A*I_MA<)`^9`OKGP%#AE1k6twf~UR=Wel3(2fH*12oe)pwT|D-bcWK8C4#u5y zT%_5*TlzDz0G(z{ceFHCZjILzppq}v8w{?53NjLBH%mTnRHDVM-^SWmhmUEQv6nBlvlj?sX?wy1Kz;BKYdp=Js$K@r;VQx0w+SV{y%JX=e&)WVpB8Z2l5PfF%qOoa1J*sl9r8Owe&l}67f}*F905r6SMmIz4c1lsJ@~b}fr&$c2ZCcuv za%4d=fSd8RBl=DABafE5_7?FlW=G@s{ID8L$|*gi6!k$hhH+KPeNm65)qJvF1D_n; zJ(k3=Rzn=e-UhgHLR6s+-5e~XHK`)Yvg|s3N68b6e^P;mLGQr&?};DYPn>?m{~>t; g8f>HuA4Y#ZF2|#nWksK}QFSz(9+l Date: Thu, 9 Sep 2021 14:01:58 -0700 Subject: [PATCH 28/41] Fix encoding --- .secrets.baseline | Bin 4074 -> 2036 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 1d26e6f1b6b95fcb162249a31fe423e6305f9700..b83d75a8c5809265ce7fa41845ba34048b1df1fd 100644 GIT binary patch literal 2036 zcmb_d+iKfD5Pc8iAB>(`;n+!`eoHUlwDbZt6k5u%-5pDVN4v^ie5uL5cUDqO0tuFl zK_Ic(GuJa`c9$1}LACB$gc8XKF(e>$2G+QjTg~_=6}D^;b5?9Uko#{f`qws z0T)sQ>$V>tK>EnqOAn2qXE8r!pW%q>f1`sL8C{Rpb3mR=vF^jP=t> zs@{-K>oB)VFueiXy|s0Ef4^f0cVgN85wKAdb;GQKH2NZuREbr+w|A&6U+ez$`0j8e z!%>8rkyOjx!OZL;klcdnkGPN0!MCGWm^fcUZx{15653~`ES2_mD-8>zz@qV@G}JPb zNg8yc2f~AL5PaUja!F*@gg)fx1)%}4KVhkPsf7oODqB_7B#T%W>p%+~K?EyU-f)3R z2G%%HTSA54A4x!kMi8ukIO5TX&P#}n^Fh`4HyR!5pm4AN2S&lEIXy8;xCGh?)WWwa zc8*wU8^8pVBx1yqYyTw9n$yM&*ME(n6xtF=CpnU98(oAG2c{K*y{E-(H8N`o-t literal 4074 zcmd6qYik-o6o${|LjObYb1R8S3eC6l0;Z)GP$;y7#jaPf?pie$8}irNKJUy<)(sX+ zb%V(2>^O7o=bd-{{JycL_Qam?soACVY-%$bS!OBk$8L7t>bA#oz|8Zd)e}qX!Un8P z*%L9IvA>(|`+m1lvI{MG^V(AD*q9wb&k4HcNb55nGs<{h*jrZ2dBRMsB=>g7qV@HB zwU&KAW;N1(5s4|%Te%M%V$`cl-)o|!xWBYRYZASI4ecEnnPWp{6MU2%QvH8hFs_0}SL;Cd-^oHFn~ z6?|$x$XDU}sq3We`yTXUR9F*@>dWnGd2d%_u1y}#iFI0m2H)#f4pF)*`y?jFIxB|If9IjmAfe^YXL~Rir zRo;089<<1BAM2%Ife+J4bo>ONI>_$X=L)ef;QRzV+wamgy`VZ3H&`#zp=!^T&gdG^ zmK4>Cn8w3d!^BnF@U8>Zje#FT?j(#|r00z5_q5g7oAAl-MV`#qS$DsYdry%Stytq( zP4H)3)ZWa}7%Rto#KeM)I^9!dR7t|5E_Ee~#g(F*y@@~R%vDc%9v9L5ne#7Zria(d zJgz`IF@O{~32VdzlRU(h;vtHr#=dTK15=mjj_|m3E3LXgU4sKNvMs)!IIGH> zEXvVd7_f@bc~p`|Q!3pvxbiKvz`_A*I_MA<)`^9`OKGP%#AE1k6twf~UR=We Date: Thu, 9 Sep 2021 14:13:08 -0700 Subject: [PATCH 29/41] Tool Test --- .github/workflows/gradle-build.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 339a4d352..90439dfcb 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -30,16 +30,8 @@ jobs: java-version: '16' distribution: 'adopt' cache: gradle - - name: run credscan - run: | - python -m pip install detect-secrets==1.0.3 - cp .secrets.baseline .secrets.new - detect-secrets scan --baseline .secrets.new $(find . -type f ! -name '.secrets.*' ! -path '*/.git*') - list_secrets() { jq -r '.results | keys[] as $key | "\($key),\(.[$key] | .[] | .hashed_secret)"' "$1" | sort; } - if ! diff <(list_secrets .secrets.baseline) <(list_secrets .secrets.new) >&2; then - echo "Detected new secrets in the repo" >&2 - exit 1 - fi + - name: Easy detect-secrets + uses: RobertFischer/detect-secrets-action@v2.0.0 - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: From 39030ee6607612af9805c839c4bbe1231a613a9a Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Tue, 7 Sep 2021 10:50:18 -0700 Subject: [PATCH 30/41] Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle.properties Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle-build.yml Update gradle.properties Update gradle-build.yml Update gradle-build.yml --- .github/workflows/gradle-build.yml | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 4656d4bf6..54069c3ff 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -7,20 +7,16 @@ on: pull_request: branches: [ dev, master ] paths: - - 'src/*' + - 'src/**' + - '.github/**' - '!.gradle/wrapper' - '!.gitignore' - '!LICENSE' - '!THIRD PARTY NOTICES' - '!*.md' - '*.gradle' - workflow_dispatch: - inputs: - purpose: - description: 'Purpose of Build' - required: false - default: 'Test' - + workflow_dispatch: + jobs: build: runs-on: ubuntu-latest @@ -34,14 +30,16 @@ jobs: java-version: '16' distribution: 'adopt' cache: gradle - - ##Copy the Step below for the other files with the appropriate values - - run: .\scripts\decodeAndWrite.ps1 -encodedValue $ENCODED_VALUE -outputPath $OUTPUT_PATH + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: - ENCODED_VALUE: "" - OUPUT_PATH: "" - + ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }} + OUPUT_PATH: .\local.properties + - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH + shell: pwsh + env: + ENCODED_VALUE: ${{ secrets.SECRING_GPG }} + OUPUT_PATH: .\secring.gpg - name: Grant execute permission for gradlew run: chmod +x gradlew - name: Build with Gradle From 873a40e42259b7fb55a866f646b5563c48e70f85 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Wed, 8 Sep 2021 09:47:25 -0700 Subject: [PATCH 31/41] Try Different Credscan Add commitback for baseline file --- .github/workflows/gradle-build.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 54069c3ff..4c4cca70f 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,8 +22,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Easy detect-secrets + - name: Run Yelp's detect-secrets uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Commit back .secrets.baseline (if it was missing) + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file" - name: Set up JDK 16 uses: actions/setup-java@v2 with: From e7bfb5de24c4af31712b7bbe97570aa6a9f4649d Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 12:46:24 -0700 Subject: [PATCH 32/41] add baselie file --- .secrets.baseline | Bin 0 -> 4872 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .secrets.baseline diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000000000000000000000000000000000000..483572e8ed2dc09075838ef51a35bd5804e834a2 GIT binary patch literal 4872 zcmd^@Yik-o6o${|LjObXb1PAE!F)?EkhJsy3WZ)+jCZ1|Rg*L=`Ri?;cV;K+rV1vy z#ZngI>^O6-?|J7;e*OGmkL{7|@D%LQ+BUJN^=)J^??-O7WJTNMQ(@-G-0HCn?83UN zj@c72p0dA{?E7@PQnFJmdh^<1YuJz-LC-O|XGrTX-()o6{n}ozV#X)T6f$ye<}6xW z&j+j7Yh>ml{X3DEAib9O&>%+b-1I#oT8jID?b!*@>srrVl93rUjBJdLvSZ@1)Xiit z&BTCThkRy9F80Xw{@QW&mi5WpF%g+z*XDEi91M<--XaR}dGi`hi0!wHMYiHnnVo`VN9^4r0BX}HFRNiI6R!cYxlx9weyTo`zMjGoO`X`NaSPSqQ%mg#`nFLP&f zfoMyL@S;xR{$0b^p{;jYfvU#PA4KjXY`RF#7#HtoE3$XMGr|{nGG%AceMjy+Mpm?7 zjqhrLKdZ9#dX_e^a>%1jEZC^iJ!VEo5+}95l`K}T6eZo8`X`;as!89+MO6RD`PXEo zjo0&iT*`Rr0Al0}SffsGki@ur?@nMn&wJ=r2j%l4UsC^LeC|8{)elB))M33M60=gw z{CD%T+*%<_r^oWYcLiE6|uqJVN~Bjrspn6%HA%;VOiNJtIeoBors}ht1%9q z>?9{y=<*ivq9lb=OWDibSs&)XpZ%uS(nI|xxm5-us=mUOlFWoKf^QUPH z28QTW4*l*5b_C3XJl$kw=8@zh^RMAz6?>OO{(nKiVJ7Fw^Ia4Kl+53e3+}%u!j_mK k@RLTN!pqb|nc8^DcQyH2=e-IC?eQEjziS^^FZo{QZxFzlzyJUM literal 0 HcmV?d00001 From c9072de947d09418aa29d9cb1c7a372f88f62635 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 12:48:53 -0700 Subject: [PATCH 33/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 4c4cca70f..11eb4ace1 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -24,10 +24,6 @@ jobs: - uses: actions/checkout@v2 - name: Run Yelp's detect-secrets uses: RobertFischer/detect-secrets-action@v2.0.0 - - name: Commit back .secrets.baseline (if it was missing) - uses: stefanzweifel/git-auto-commit-action@v4 - with: - commit_message: "build(detect-secrets): Commit the newly-generated .secrets.baseline file" - name: Set up JDK 16 uses: actions/setup-java@v2 with: From 160496ba742a9ccfa1aa9b6e62b3de97f92c07d2 Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Thu, 9 Sep 2021 16:10:45 -0400 Subject: [PATCH 34/41] - fixes file encoding --- .secrets.baseline | Bin 4872 -> 2322 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 483572e8ed2dc09075838ef51a35bd5804e834a2..bbd667efb3f3b18f9378495af05be5cbe62047eb 100644 GIT binary patch literal 2322 zcmcgu+iu%141Moc7=GRi=h7DLTXzB44Z8p-FktH-C=zWGktJ7`rrFScAFZTmi*}jN zZUX|xkx1&0I)}{9y)4Tw!8$ZLKg#k^Q5KW@#jx6|(4clKIFPjUjn=a4XMEDG<{bl3(2fH*12oe)pwT|D-bcWK8C4#u5y zT%_5*TlzDz0G(z{ceFHCZjILzppq}v8w{?53NjLBH%mTnRHDVM-^SWmhmUEQv6nBlvlj?sX?wy1Kz;BKYdp=Js$K@r;VQx0w+SV{y%JX=e&)WVpB8Z2l5PfF%qOoa1J*sl9r8Owe&l}67f}*F905r6SMmIz4c1lsJ@~b}fr&$c2ZCcuv za%4d=fSd8RBl=DABafE5_7?FlW=G@s{ID8L$|*gi6!k$hhH+KPeNm65)qJvF1D_n; zJ(k3=Rzn=eHCGPq91&%xLpKLYc}=QFvn;!g-%;~~^O6-?|J7;e*OGmkL{7|@D%LQ+BUJN^=)J^??-O7WJTNMQ(@-G-0HCn?83UN zj@c72p0dA{?E7@PQnFJmdh^<1YuJz-LC-O|XGrTX-()o6{n}ozV#X)T6f$ye<}6xW z&j+j7Yh>ml{X3DEAib9O&>%+b-1I#oT8jID?b!*@>srrVl93rUjBJdLvSZ@1)Xiit z&BTCThkRy9F80Xw{@QW&mi5WpF%g+z*XDEi91M<--XaR}dGi`hi0!wHMYiHnnVo`VN9^4r0BX}HFRNiI6R!cYxlx9weyTo`zMjGoO`X`NaSPSqQ%mg#`nFLP&f zfoMyL@S;xR{$0b^p{;jYfvU#PA4KjXY`RF#7#HtoE3$XMGr|{nGG%AceMjy+Mpm?7 zjqhrLKdZ9#dX_e^a>%1jEZC^iJ!VEo5+}95l`K}T6eZo8`X`;as!89+MO6RD`PXEo zjo0&iT*`Rr0Al0}SffsGki@ur?@nMn&wJ=r2j%l4UsC^LeC|8{)elB))M33M60=gw z{CD%T+*%<_r^oWYcLiE6|uqJVN~Bjrspn6%HA%;VOiNJtIeoBors}ht1%9q z>?9{y=<*ivq9lb=OWDibSs&)XpZ%uS(nI|xxm5-us=mUOlFWoKf^QUPH z28QTW4*l*5b_C3XJl$kw=8@zh^RMAz6?>OO{(nKiVJ7Fw^Ia4Kl+53e3+}%u!j_mK k@RLTN!pqb|nc8^DcQyH2=e-IC?eQEjziS^^FZo{QZxFzlzyJUM From 0323db607422fe7dba44f6dac1a6cdad93206e45 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:26:39 -0700 Subject: [PATCH 35/41] verify secrets --- .secrets.baseline | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index bbd667efb..57c3f428e 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -95,7 +95,7 @@ "type": "Secret Keyword", "filename": "android\\gradle.properties", "hashed_secret": "112bb791304791ddcf692e29fd5cf149b35fea37", - "is_verified": false, + "is_verified": true, "line_number": 39 } ], @@ -104,7 +104,7 @@ "type": "Secret Keyword", "filename": "gradle.properties", "hashed_secret": "112bb791304791ddcf692e29fd5cf149b35fea37", - "is_verified": false, + "is_verified": true, "line_number": 37 } ] From ac2fbfd6a5a23ebb0947276fed01c341f14521a9 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:44:44 -0700 Subject: [PATCH 36/41] Try Credscan via Script --- .github/workflows/gradle-build.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 11eb4ace1..339a4d352 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,14 +22,24 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Run Yelp's detect-secrets - uses: RobertFischer/detect-secrets-action@v2.0.0 + - name: Setup Python + uses: actions/setup-python@v2.2.2 - name: Set up JDK 16 uses: actions/setup-java@v2 with: java-version: '16' distribution: 'adopt' cache: gradle + - name: run credscan + run: | + python -m pip install detect-secrets==1.0.3 + cp .secrets.baseline .secrets.new + detect-secrets scan --baseline .secrets.new $(find . -type f ! -name '.secrets.*' ! -path '*/.git*') + list_secrets() { jq -r '.results | keys[] as $key | "\($key),\(.[$key] | .[] | .hashed_secret)"' "$1" | sort; } + if ! diff <(list_secrets .secrets.baseline) <(list_secrets .secrets.new) >&2; then + echo "Detected new secrets in the repo" >&2 + exit 1 + fi - run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH shell: pwsh env: From 2863ceef1abe985089be8c1d12ea7b05fb089e68 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 13:56:19 -0700 Subject: [PATCH 37/41] baseline file with excluded files --- .secrets.baseline | Bin 2320 -> 4074 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 57c3f428efd859b1c83273fc25033bdb53fb0923..1d26e6f1b6b95fcb162249a31fe423e6305f9700 100644 GIT binary patch literal 4074 zcmd6qYik-o6o${|LjObYb1R8S3eC6l0;Z)GP$;y7#jaPf?pie$8}irNKJUy<)(sX+ zb%V(2>^O7o=bd-{{JycL_Qam?soACVY-%$bS!OBk$8L7t>bA#oz|8Zd)e}qX!Un8P z*%L9IvA>(|`+m1lvI{MG^V(AD*q9wb&k4HcNb55nGs<{h*jrZ2dBRMsB=>g7qV@HB zwU&KAW;N1(5s4|%Te%M%V$`cl-)o|!xWBYRYZASI4ecEnnPWp{6MU2%QvH8hFs_0}SL;Cd-^oHFn~ z6?|$x$XDU}sq3We`yTXUR9F*@>dWnGd2d%_u1y}#iFI0m2H)#f4pF)*`y?jFIxB|If9IjmAfe^YXL~Rir zRo;089<<1BAM2%Ife+J4bo>ONI>_$X=L)ef;QRzV+wamgy`VZ3H&`#zp=!^T&gdG^ zmK4>Cn8w3d!^BnF@U8>Zje#FT?j(#|r00z5_q5g7oAAl-MV`#qS$DsYdry%Stytq( zP4H)3)ZWa}7%Rto#KeM)I^9!dR7t|5E_Ee~#g(F*y@@~R%vDc%9v9L5ne#7Zria(d zJgz`IF@O{~32VdzlRU(h;vtHr#=dTK15=mjj_|m3E3LXgU4sKNvMs)!IIGH> zEXvVd7_f@bc~p`|Q!3pvxbiKvz`_A*I_MA<)`^9`OKGP%#AE1k6twf~UR=Wel3(2fH*12oe)pwT|D-bcWK8C4#u5y zT%_5*TlzDz0G(z{ceFHCZjILzppq}v8w{?53NjLBH%mTnRHDVM-^SWmhmUEQv6nBlvlj?sX?wy1Kz;BKYdp=Js$K@r;VQx0w+SV{y%JX=e&)WVpB8Z2l5PfF%qOoa1J*sl9r8Owe&l}67f}*F905r6SMmIz4c1lsJ@~b}fr&$c2ZCcuv za%4d=fSd8RBl=DABafE5_7?FlW=G@s{ID8L$|*gi6!k$hhH+KPeNm65)qJvF1D_n; zJ(k3=Rzn=e-UhgHLR6s+-5e~XHK`)Yvg|s3N68b6e^P;mLGQr&?};DYPn>?m{~>t; g8f>HuA4Y#ZF2|#nWksK}QFSz(9+l Date: Thu, 9 Sep 2021 14:18:54 -0700 Subject: [PATCH 38/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 90439dfcb..57fc61ddf 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,8 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Setup Python - uses: actions/setup-python@v2.2.2 - name: Set up JDK 16 uses: actions/setup-java@v2 with: From 9b9aed0a67beb63e11109d5796dd4776bdc804aa Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 14:25:33 -0700 Subject: [PATCH 39/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 57fc61ddf..90439dfcb 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,6 +22,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + - name: Setup Python + uses: actions/setup-python@v2.2.2 - name: Set up JDK 16 uses: actions/setup-java@v2 with: From a008f9e13c041e0dc1504dab2f066df26360c86b Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 14:27:45 -0700 Subject: [PATCH 40/41] Update gradle-build.yml --- .github/workflows/gradle-build.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 90439dfcb..57fc61ddf 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -22,8 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Setup Python - uses: actions/setup-python@v2.2.2 - name: Set up JDK 16 uses: actions/setup-java@v2 with: From 30a5d97d1eaf18b562813117d2e7164a1fe67341 Mon Sep 17 00:00:00 2001 From: ramsessanchez <63934382+ramsessanchez@users.noreply.github.com> Date: Thu, 9 Sep 2021 14:30:40 -0700 Subject: [PATCH 41/41] FIX ENCODING --- .secrets.baseline | Bin 4074 -> 2036 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 1d26e6f1b6b95fcb162249a31fe423e6305f9700..b83d75a8c5809265ce7fa41845ba34048b1df1fd 100644 GIT binary patch literal 2036 zcmb_d+iKfD5Pc8iAB>(`;n+!`eoHUlwDbZt6k5u%-5pDVN4v^ie5uL5cUDqO0tuFl zK_Ic(GuJa`c9$1}LACB$gc8XKF(e>$2G+QjTg~_=6}D^;b5?9Uko#{f`qws z0T)sQ>$V>tK>EnqOAn2qXE8r!pW%q>f1`sL8C{Rpb3mR=vF^jP=t> zs@{-K>oB)VFueiXy|s0Ef4^f0cVgN85wKAdb;GQKH2NZuREbr+w|A&6U+ez$`0j8e z!%>8rkyOjx!OZL;klcdnkGPN0!MCGWm^fcUZx{15653~`ES2_mD-8>zz@qV@G}JPb zNg8yc2f~AL5PaUja!F*@gg)fx1)%}4KVhkPsf7oODqB_7B#T%W>p%+~K?EyU-f)3R z2G%%HTSA54A4x!kMi8ukIO5TX&P#}n^Fh`4HyR!5pm4AN2S&lEIXy8;xCGh?)WWwa zc8*wU8^8pVBx1yqYyTw9n$yM&*ME(n6xtF=CpnU98(oAG2c{K*y{E-(H8N`o-t literal 4074 zcmd6qYik-o6o${|LjObYb1R8S3eC6l0;Z)GP$;y7#jaPf?pie$8}irNKJUy<)(sX+ zb%V(2>^O7o=bd-{{JycL_Qam?soACVY-%$bS!OBk$8L7t>bA#oz|8Zd)e}qX!Un8P z*%L9IvA>(|`+m1lvI{MG^V(AD*q9wb&k4HcNb55nGs<{h*jrZ2dBRMsB=>g7qV@HB zwU&KAW;N1(5s4|%Te%M%V$`cl-)o|!xWBYRYZASI4ecEnnPWp{6MU2%QvH8hFs_0}SL;Cd-^oHFn~ z6?|$x$XDU}sq3We`yTXUR9F*@>dWnGd2d%_u1y}#iFI0m2H)#f4pF)*`y?jFIxB|If9IjmAfe^YXL~Rir zRo;089<<1BAM2%Ife+J4bo>ONI>_$X=L)ef;QRzV+wamgy`VZ3H&`#zp=!^T&gdG^ zmK4>Cn8w3d!^BnF@U8>Zje#FT?j(#|r00z5_q5g7oAAl-MV`#qS$DsYdry%Stytq( zP4H)3)ZWa}7%Rto#KeM)I^9!dR7t|5E_Ee~#g(F*y@@~R%vDc%9v9L5ne#7Zria(d zJgz`IF@O{~32VdzlRU(h;vtHr#=dTK15=mjj_|m3E3LXgU4sKNvMs)!IIGH> zEXvVd7_f@bc~p`|Q!3pvxbiKvz`_A*I_MA<)`^9`OKGP%#AE1k6twf~UR=We