From 5247dfd38d6bdf614de8651904f4545a47d36efe Mon Sep 17 00:00:00 2001
From: Eesaan Atluri <atlurie@uab.edu>
Date: Wed, 23 Aug 2023 15:45:21 -0500
Subject: [PATCH] Configure Secret Detection in `.gitlab-ci.yml`, creating this
 file if it does not already exist

---
 .gitlab-ci.yml | 97 +++++++++++++++++++++++++-------------------------
 1 file changed, 49 insertions(+), 48 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 34c9e4f..4696715 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,66 +1,67 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 image: gitlab.rc.uab.edu:4567/rc/packer-openstack-hpc-image:latest
-
 variables:
   ANSIBLE_REMOTE_TMP: "/tmp"
-  OS_REGION_NAME: "bhm1"
-  OS_INTERFACE: "public"
-  OS_IDENTITY_API_VERSION: "3"
-  OS_AUTH_TYPE: "v3applicationcredential"
-  OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3"
-  TF_ROOT: ${CI_PROJECT_DIR}/
-  TF_VAR_internal_network: "xdmod-packer-clusternet"
-  TF_VAR_external_network: "xdmod-packer-dmznet"
-  TF_VAR_flavor: "m1.medium"
-  GIT_SUBMODULE_STRATEGY: "recursive"
+  OS_REGION_NAME: bhm1
+  OS_INTERFACE: public
+  OS_IDENTITY_API_VERSION: '3'
+  OS_AUTH_TYPE: v3applicationcredential
+  OS_AUTH_URL: https://keystone.cloud.rc.uab.edu:5000/v3
+  TF_ROOT: "${CI_PROJECT_DIR}/"
+  TF_VAR_internal_network: xdmod-packer-clusternet
+  TF_VAR_external_network: xdmod-packer-dmznet
+  TF_VAR_flavor: m1.medium
+  GIT_SUBMODULE_STRATEGY: recursive
   GIT_SUBMODULE_UPDATE_FLAGS: "--force"
-
 cache:
   paths:
-    - .terraform
-    - .terraform.lock.hcl
-    - terraform.tfstate
-
-stages:          # List of stages for jobs, and their order of execution
-  - validate
-  - build
-  - deploy
-  - cleanup
-
+  - ".terraform"
+  - ".terraform.lock.hcl"
+  - terraform.tfstate
+stages:
+- validate
+- build
+- deploy
+- cleanup
 tf-validate:
   stage: validate
-  tags: [build]
+  tags:
+  - build
   script:
-    - cd CRI_XCBC && git checkout dev && cd ..
-    - terraform --version
-    - terraform init
-    - terraform validate
-    - pwd
-    - terraform plan
-    - 'sed -i -E "s/(cod_deploy: ).*/\1false/" CRI_XCBC/group_vars/all'
-
+  - cd CRI_XCBC && git checkout dev && cd ..
+  - terraform --version
+  - terraform init
+  - terraform validate
+  - pwd
+  - terraform plan
+  - 'sed -i -E "s/(cod_deploy: ).*/\1false/" CRI_XCBC/group_vars/all'
 tf-apply:
   cache:
     paths:
-      - .terraform/
+    - ".terraform/"
   stage: build
-  tags: [build]
+  tags:
+  - build
   script:
-    - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d%H%M%S)
-    - | 
-      if [ -z $TF_VAR_image_ohpc ];
-      then
-      XDMOD_IMAGES=($(openstack image list --sort-column Name --sort-descending -f value -c Name -c ID | grep -P ' xdmod-\d{14}$' | awk '{print $2}'))
-      export TF_VAR_image_ohpc="${XDMOD_IMAGES[0]}"
-      echo $TF_VAR_image_ohpc
-      else
-      echo "image_ohpc defined as ${TF_VAR_image_ohpc}"
-      fi   
-    - export TF_VAR_keypair_name="os-gen-keypair-$BUILD_DATE"
-    - terraform apply -auto-approve || terraform destroy -auto-approve 
-
+  - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d%H%M%S)
+  - "if [ -z $TF_VAR_image_ohpc ];\nthen\nXDMOD_IMAGES=($(openstack image list --sort-column
+    Name --sort-descending -f value -c Name -c ID | grep -P ' xdmod-\\d{14}$' | awk
+    '{print $2}'))\nexport TF_VAR_image_ohpc=\"${XDMOD_IMAGES[0]}\"\necho $TF_VAR_image_ohpc\nelse\necho
+    \"image_ohpc defined as ${TF_VAR_image_ohpc}\"\nfi   \n"
+  - export TF_VAR_keypair_name="os-gen-keypair-$BUILD_DATE"
+  - terraform apply -auto-approve || terraform destroy -auto-approve
 clean-up:
   stage: cleanup
-  tags: [build]
+  tags:
+  - build
   script:
-    - terraform destroy -auto-approve
+  - terraform destroy -auto-approve
   when: manual
+include:
+- template: Security/Secret-Detection.gitlab-ci.yml
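Review bot: The `include` of `Security/Secret-Detection.gitlab-ci.yml` at the end of this hunk adds a job to a pipeline whose `stages:` list contains only validate, build, deploy and cleanup. As far as I know the template's `secret_detection` job defaults to `stage: test`, so without that stage the pipeline is likely to fail validation and the scan will not run; either add `- test` to `stages:` or add a `secret_detection:` override with `stage: validate`. Every existing job pins `tags:` to `build`, so the included job presumably needs the same `tags:` override if the runners do not pick up untagged jobs. Separately, the `if [ -z $TF_VAR_image_ohpc ]` step was rewritten from a `- |` block scalar into a folded double-quoted string with `\n` escapes, which is equivalent but hard to review; restoring the `- |` form would keep the image-selection logic readable.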
-- 
GitLab