Open gberche-orange opened 5 years ago
For me, it seems more relevant to include this as a paas-templates pipeline, as secrets detection is already included in that repo.
@o-orand
Can you suggest a way such a paas-template pipeline can fail the sync-feature-branches and force authors to fix leaking secrets before they get merged?
We are using a different pipeline (part of paas-template) to set our internal gitlab merge request status to failure.
Here is a pipeline overview:
Current status: the introduction of credentials leaks in new features is notified through gitlab merge request status. It is not blocking merge of related feature branch into develop branch and release.
Risks:
Prioritized temporary workaround:
**Is your feature request related to a problem?**
I need to prevent introduction of secrets leaks into the template repo. This is a follow up of initial effort in https://github.com/orange-cloudfoundry/paas-templates/issues/4
**Describe the solution you'd like**
`sync-feature-branches` to include secrets prevention tasks, and to fail when secrets are detected
**Describe alternatives you've considered**
Notification of the failed `micro-depls-auto-sanitize` pipeline.