build: add detect-secrets stage to build #223
Conversation
padamstx
force-pushed
the
add-detect-secrets
branch
6 times, most recently
from
bd28767 to
1fe0d48
Compare
| - pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets" | ||
| script: | ||
| - detect-secrets scan --update .secrets.baseline | ||
| - detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline |
There was a problem hiding this comment.
Just out of curiosity, why not just add these steps to the above "script" section, where the tests are run, etc. ?
This looks good and looks clean overall, I'm just curious why you took this approach.
There was a problem hiding this comment.
Mainly so that everything is run in parallel. Under the "Build-Test" stage, there are four different jobs that each run in parallel:
There was a problem hiding this comment.
And to carry this a little bit further (farther? 😂), when we merge the PR into main, we'll see the "Semantic-Release" stage get run also:
.travis.yml
Outdated
| install: | ||
| - npm install | ||
| script: | ||
| - echo npm run semantic-release |
There was a problem hiding this comment.
Oops, I just realized I need to fix this 😂
padamstx
force-pushed
the
add-detect-secrets
branch
from
1fe0d48 to
2f5ea19
Compare
padamstx
force-pushed
the
add-detect-secrets
branch
2 times, most recently
from
db77906 to
fe7f685
Compare
Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
padamstx
force-pushed
the
add-detect-secrets
branch
from
fe7f685 to
e449cf8
Compare
|
🎉 This PR is included in version 5.17.5 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This PR re-organizes the Travis build a bit in order to add a "detect-secrets" stage to the build.