galasa-dev / projectmanagement

Project Management repo for Issues and ZenHub

Use detect secrets on all repositories #1884

Closed KirbyKatcher closed 4 days ago

KirbyKatcher commented 1 month ago

Story

As a Galasa developer I want to be able to commit code knowing that I have not introduced secrets into the code, so that I can ensure that my commits are clean and safe.

https://github.com/IBM/detect-secrets

Tasks

- [x] cli
- [x] automation
- [x] helm
- [x] framework
- [x] extensions
- [x] managers
- [x] webui
- [x] obr
- [x] galasa.dev
- [x] buildutils
- [x] maven
- [x] isolated
- [x] gradle
- [x] wrapping
- [x] simplatform

KirbyKatcher commented 4 weeks ago

Using this to call detect-secrets in build-locally.sh:

```bash
# Added to build-locally.sh; h2, success, error and check_exit_code are
# helper functions defined elsewhere in that script.
function check_secrets {
    h2 "updating secrets baseline"
    cd "${BASEDIR}" || exit 1
    # Re-scan the repository and merge any new findings into the existing baseline.
    detect-secrets scan --update .secrets.baseline
    rc=$?
    check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
    success "updated secrets file"

    h2 "running audit for secrets"
    # Interactive audit: each finding is marked as a real secret or a false positive.
    detect-secrets audit .secrets.baseline
    rc=$?
    check_exit_code $rc "Failed to audit detect-secrets."

    # Check all secrets have been audited: every finding carries a hashed_secret,
    # but only audited findings carry an is_secret flag, so the two counts must match.
    secrets=$(grep -c hashed_secret .secrets.baseline)
    audits=$(grep -c is_secret .secrets.baseline)
    if [[ "$secrets" != "$audits" ]]; then
        error "Not all secrets found have been audited"
        exit 1
    fi
    # Drop the timestamp so the baseline only changes when the findings change.
    # BSD/macOS sed needs an explicit empty backup suffix; GNU sed takes -i alone.
    if sed --version >/dev/null 2>&1; then
        sed -i '/[ ]*"generated_at": ".*",/d' .secrets.baseline
    else
        sed -i '' '/[ ]*"generated_at": ".*",/d' .secrets.baseline
    fi
    success "secrets audit complete"
}
```
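A more robust form of the "all findings audited" check, added here as an example and not code from the Galasa project or from detect-secrets itself: instead of counting `hashed_secret` and `is_secret` lines with grep (which is thrown off if the JSON layout changes or two findings are written on one line), it parses the baseline and reports every finding that has no audit decision, and also every finding the audit confirmed as a real secret, which should fail the build just the same. Python is used because detect-secrets is a Python tool and the baseline is JSON. The two sample baselines are constructed; the field names follow the detect-secrets baseline layout (`results`, `hashed_secret`, `line_number`, `is_secret`, `generated_at`) and the hash values are placeholders.

```python
import json
import sys

# Constructed sample baselines shaped like a detect-secrets .secrets.baseline.
# Hash values are placeholders, not digests of real secrets.
SAMPLE_BASELINE = """{
  "version": "0.13.1",
  "generated_at": "2024-01-01T00:00:00Z",
  "results": {
    "src/config.py": [
      {"type": "Secret Keyword", "hashed_secret": "placeholder-hash-1",
       "line_number": 3, "is_secret": false},
      {"type": "Hex High Entropy String", "hashed_secret": "placeholder-hash-2",
       "line_number": 9}
    ],
    "test/fixtures.yaml": [
      {"type": "Secret Keyword", "hashed_secret": "placeholder-hash-3",
       "line_number": 2, "is_secret": true}
    ]
  }
}"""

# Same shape, but every finding has been audited and marked as a false positive.
CLEAN_BASELINE = """{
  "version": "0.13.1",
  "generated_at": "2024-01-02T00:00:00Z",
  "results": {
    "src/config.py": [
      {"type": "Secret Keyword", "hashed_secret": "placeholder-hash-1",
       "line_number": 3, "is_secret": false}
    ]
  }
}"""


def audit_status(baseline):
    """Split findings into (unaudited, confirmed) lists of 'file:line type' labels.

    A finding without an is_secret key has not been through `detect-secrets audit`;
    a finding with is_secret == true was confirmed as a real secret by the auditor.
    """
    unaudited, confirmed = [], []
    for filename, findings in baseline.get("results", {}).items():
        for finding in findings:
            label = f"{filename}:{finding.get('line_number', '?')} {finding.get('type', '?')}"
            if "is_secret" not in finding:
                unaudited.append(label)
            elif finding["is_secret"] is True:
                confirmed.append(label)
    return unaudited, confirmed


def check_baseline(text):
    """Return (ok, messages); ok is False if any finding is unaudited or confirmed."""
    unaudited, confirmed = audit_status(json.loads(text))
    messages = [f"UNAUDITED  {m}" for m in unaudited]
    messages += [f"CONFIRMED  {m}" for m in confirmed]
    return (not unaudited and not confirmed), messages


def strip_generated_at(text):
    """Return the baseline JSON without its timestamp, so the committed file only
    changes when the findings change (the same goal as the sed line in the script)."""
    baseline = json.loads(text)
    baseline.pop("generated_at", None)
    return json.dumps(baseline, indent=2, sort_keys=True) + "\n"


if __name__ == "__main__":
    # Usage: python check_baseline.py [.secrets.baseline]; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BASELINE
    ok, messages = check_baseline(text)
    for message in messages:
        print(message)
    print("secrets audit complete" if ok else "secrets audit FAILED")
    sys.exit(0 if ok else 1)
```

Running it on the sample baseline reports the unaudited finding at `src/config.py:9` and the confirmed secret at `test/fixtures.yaml:2` and exits non-zero; on a file where every finding is audited as a false positive it exits zero.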
KirbyKatcher commented 4 weeks ago

Install command:

```bash
pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
```