From 359af03c10a1eeaa24e20e382a1d55a63354d068 Mon Sep 17 00:00:00 2001 From: Alex Skrypnyk Date: Fri, 5 Jun 2026 20:16:35 +1000 Subject: [PATCH 1/4] [#2562] Added Gitleaks secret scanning to CI lint jobs. --- .circleci/config.yml | 4 +++ .github/workflows/build-test-deploy.yml | 4 +++ .gitleaks.toml | 26 +++++++++++++++++ .vortex/docs/content/tools/README.mdx | 1 + .vortex/docs/content/tools/gitleaks.mdx | 39 +++++++++++++++++++++++++ .vortex/docs/cspell.json | 2 ++ 6 files changed, 76 insertions(+) create mode 100644 .gitleaks.toml create mode 100644 .vortex/docs/content/tools/gitleaks.mdx diff --git a/.circleci/config.yml b/.circleci/config.yml index 78553258a..f32468442 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -142,6 +142,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:3.1.0 . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:v8.30.1 dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml index 9b5485658..a1ba91bf4 100644 --- a/.github/workflows/build-test-deploy.yml +++ b/.github/workflows/build-test-deploy.yml @@ -126,6 +126,10 @@ jobs: run: docker run --rm -v "${PWD}":/app zavoloklom/dclint:3.1.0 . continue-on-error: ${{ vars.VORTEX_CI_DCLINT_IGNORE_FAILURE == '1' }} + - name: Scan for committed secrets with Gitleaks + run: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:v8.30.1 dir . --no-banner + continue-on-error: ${{ vars.VORTEX_CI_GITLEAKS_IGNORE_FAILURE == '1' }} + - name: Build stack run: docker compose up --no-deps --detach cli 
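Review bot: The Gitleaks step added to `.circleci/config.yml` is named "Scan for committed secrets" but runs `dir . --no-banner`, which only inspects the checked-out working tree, so a secret that was committed and then removed in a later commit still sits in history and never fails the job. Either add a history scan with the `git` subcommand (it needs the commits to be present in the checkout) or rename the step so its coverage is not overstated. The command also omits `--redact`, so every finding is printed in clear text into the build log; `dir . --no-banner --redact` keeps the report usable without copying the secret into CI output. Both points apply equally to the step added to `.github/workflows/build-test-deploy.yml` in the next hunk; the surrounding lint job lies outside both hunks, so whether the checkout is shallow cannot be seen here. The image is referenced by the mutable tag `v8.30.1`, and pinning it by digest (`ghcr.io/gitleaks/gitleaks@sha256:<DIGEST>`) would keep the scanner itself from changing underneath the pipeline.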
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 000000000..d33f9913a
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,26 @@
+# Gitleaks configuration for projects based on Vortex.
+#
+# Extends the default Gitleaks ruleset and allowlists the placeholder and
+# example values that Vortex ships, plus third-party and generated paths, so a
+# clean install reports zero findings while still catching real secrets.
+#
+# https://github.com/gitleaks/gitleaks
+
+[extend]
+useDefault = true
+
+[[allowlists]]
+description = "Third-party, generated, and local-only paths that must not be scanned."
+paths = [
+ '''(^|/)vendor/''',
+ '''(^|/)node_modules/''',
+ '''(^|/)web/core/''',
+ '''(^|/)web/modules/contrib/''',
+ '''(^|/)web/themes/contrib/''',
+ '''(^|/)web/libraries/''',
+ '''(^|/)web/sites/default/files/''',
+ '''(^|/)\.data/''',
+ '''(^|/)\.artifacts/''',
+ '''(^|/)\.git/''',
+ '''(^|/)\.vortex/''',
+]
diff --git a/.vortex/docs/content/tools/README.mdx b/.vortex/docs/content/tools/README.mdx
index d441fd2b2..9f9696f43 100644
--- a/.vortex/docs/content/tools/README.mdx
+++ b/.vortex/docs/content/tools/README.mdx
@@ -27,6 +27,7 @@ Head over to the tool-specific documentation to learn more.
 | [ESLint](eslint.mdx) | JavaScript linter with Prettier integration for custom modules |
 | [Gherkin Lint](gherkin-lint.mdx) | Provides a Gherkin linter for PHP |
 | [Git artifact](git-artifact.mdx) | Package and push files to remote repositories |
+| [Gitleaks](gitleaks.mdx) | Detect hardcoded secrets like passwords, API keys, and tokens |
 | [Hadolint](hadolint.mdx) | A smarter Dockerfile linter that helps you build best practice container images |
 | [PHPCS](phpcs.mdx) | Check that code adheres to coding standards |
 | [PHPMD](phpmd.mdx) | Detect code smells and possible errors |
diff --git a/.vortex/docs/content/tools/gitleaks.mdx b/.vortex/docs/content/tools/gitleaks.mdx
new file mode 100644
index 000000000..5b71dccbb
--- /dev/null
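Review bot: Every entry in `paths` of the new `.gitleaks.toml` starts with `(^|/)`, so the allowlist matches at any depth: a directory named `vendor/`, `.data/` or `.vortex/` nested inside custom code is skipped along with the root-level one, and a credential placed there is never scanned. If only the root-level directories are meant, anchor the patterns, for example `'''^vendor/'''` and `'''^web/core/'''`, after confirming how `gitleaks dir .` reports paths inside the container. The header comment also says the file "allowlists the placeholder and example values that Vortex ships", but the hunk holds only a path allowlist; either add the value allowlist or reword the comment to `# Extends the default Gitleaks ruleset and skips third-party, generated and local-only paths.`. Separately, the top-level `[[allowlists]]` table array is, as far as I know, only understood by recent Gitleaks 8.x releases, while the docs added in this commit tell users to install Gitleaks locally without naming a minimum version, so an older local binary may not apply this allowlist.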
+++ b/.vortex/docs/content/tools/gitleaks.mdx
@@ -0,0 +1,39 @@
+# Gitleaks
+
+https://github.com/gitleaks/gitleaks
+
+> A tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in code.
+
+:::note
+
+**Vortex** does not install Gitleaks locally. Please follow the [instructions](https://github.com/gitleaks/gitleaks#installing) to install it on your system.
+
+In CI, Gitleaks runs from its official Docker image as part of the lint job.
+
+:::
+
+## Usage
+
+```shell
+gitleaks dir .
+```
+
+Gitleaks reads its configuration from the `.gitleaks.toml` file at the repository root. The shipped allowlist is tuned for Drupal projects so that a clean install reports no findings while real secrets are still detected.
+
+## Ignoring
+
+To ignore a single line, add a `gitleaks:allow` comment to it:
+
+```php
+$settings['example'] = 'not-a-real-secret'; // gitleaks:allow
+```
+
+To ignore a path or a recurring known-safe value across the codebase, add it to the `.gitleaks.toml` file at the repository root. See the [configuration documentation](https://github.com/gitleaks/gitleaks#configuration).
+
+## Ignoring fail in continuous integration pipeline
+
+This tool runs in continuous integration pipeline by default and fails the build
+if there are any violations.
+
+Set `VORTEX_CI_GITLEAKS_IGNORE_FAILURE` environment variable to `1` to ignore
+failures. The tool will still run and report violations, if any.
diff --git a/.vortex/docs/cspell.json b/.vortex/docs/cspell.json
index 99f6f1b80..e2962981f 100644
--- a/.vortex/docs/cspell.json
+++ b/.vortex/docs/cspell.json
@@ -43,6 +43,7 @@
 "drush",
 "ergebnis",
 "gherkinlint",
+ "gitleaks",
 "hadolint",
 "hotfixes",
 "htpasswd",
@@ -79,6 +80,7 @@
 "simpletest",
 "testmode",
 "standardise",
+ "toml",
 "updatedb",
 "uselagoon",
 "utilising",
From bb7a690c23e58919365a0aaf3313d3574e85692c Mon Sep 17 00:00:00 2001
From: Alex Skrypnyk Date: Fri, 5 Jun 2026 21:12:30 +1000 Subject: [PATCH 2/4] Updated snapshots. --- .../.github/workflows/build-test-deploy.yml | 4 +++ .../handler_process/_baseline/.gitleaks.toml | 26 +++++++++++++++++++ .../ciprovider_circleci/.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../hosting_acquia/.gitleaks.toml | 17 ++++++++++++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.gitleaks.toml | 17 ++++++++++++ .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 8 +++--- .../.github/workflows/build-test-deploy.yml | 2 +- .../.github/workflows/build-test-deploy.yml | 2 +- .../.github/workflows/build-test-deploy.yml | 2 +- .../timezone_circleci/.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 6 ++--- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 8 +++--- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 8 +++--- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- 
.../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- .../.github/workflows/build-test-deploy.yml | 4 +-- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 4 +-- .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.circleci/config.yml | 4 +++ .../.circleci/config.yml | 4 +++ .../.github/workflows/build-test-deploy.yml | 2 +- .../.github/workflows/build-test-deploy.yml | 10 +++---- 57 files changed, 208 insertions(+), 60 deletions(-) create mode 100644 .vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml create mode 100644 .vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml create mode 100644 .vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml diff --git a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml index 2a75cd68e..f8aef8806 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml 
@@ -119,6 +119,10 @@ jobs: run: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . continue-on-error: ${{ vars.VORTEX_CI_DCLINT_IGNORE_FAILURE == '1' }} + - name: Scan for committed secrets with Gitleaks + run: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner + continue-on-error: ${{ vars.VORTEX_CI_GITLEAKS_IGNORE_FAILURE == '1' }} + - name: Build stack run: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml new file mode 100644 index 000000000..d33f9913a --- /dev/null +++ b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml @@ -0,0 +1,26 @@ +# Gitleaks configuration for projects based on Vortex. +# +# Extends the default Gitleaks ruleset and allowlists the placeholder and +# example values that Vortex ships, plus third-party and generated paths, so a +# clean install reports zero findings while still catching real secrets. +# +# https://github.com/gitleaks/gitleaks + +[extend] +useDefault = true + +[[allowlists]] +description = "Third-party, generated, and local-only paths that must not be scanned." +paths = [ + '''(^|/)vendor/''', + '''(^|/)node_modules/''', + '''(^|/)web/core/''', + '''(^|/)web/modules/contrib/''', + '''(^|/)web/themes/contrib/''', + '''(^|/)web/libraries/''', + '''(^|/)web/sites/default/files/''', + '''(^|/)\.data/''', + '''(^|/)\.artifacts/''', + '''(^|/)\.git/''', + '''(^|/)\.vortex/''', +] diff --git a/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml index db401b660..08dcef508 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -446,6 +446,17 @@ +@@ -450,6 +450,17 @@ hide_and_recreate: true diff --git a/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml index 1922b9eda..a6ceb5346 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml index 67d4fec84..457f41aea 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -255,6 +255,9 @@ +@@ -259,6 +259,9 @@ VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 diff --git a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml index 0ba2cbc3b..70e82e206 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml index d360171d4..ef693734b 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml 
@@ -1,4 +1,4 @@ -@@ -511,98 +511,3 @@ +@@ -515,98 +515,3 @@ timeout-minutes: 120 # Cancel the action after 120 minutes, regardless of whether a connection has been established. with: detached: true diff --git a/.vortex/installer/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml index 67d4fec84..457f41aea 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -255,6 +255,9 @@ +@@ -259,6 +259,9 @@ VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml new file mode 100644 index 000000000..c5372be7e --- /dev/null +++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml @@ -0,0 +1,17 @@ +@@ -14,11 +14,11 @@ + paths = [ + '''(^|/)vendor/''', + '''(^|/)node_modules/''', +- '''(^|/)web/core/''', +- '''(^|/)web/modules/contrib/''', +- '''(^|/)web/themes/contrib/''', +- '''(^|/)web/libraries/''', +- '''(^|/)web/sites/default/files/''', ++ '''(^|/)docroot/core/''', ++ '''(^|/)docroot/modules/contrib/''', ++ '''(^|/)docroot/themes/contrib/''', ++ '''(^|/)docroot/libraries/''', ++ '''(^|/)docroot/sites/default/files/''', + '''(^|/)\.data/''', + '''(^|/)\.artifacts/''', + '''(^|/)\.git/''', diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml index 67d4fec84..457f41aea 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -255,6 +255,9 @@ +@@ -259,6 +259,9 @@ VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml new file mode 100644 index 000000000..c5372be7e --- /dev/null +++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml 
@@ -0,0 +1,17 @@ +@@ -14,11 +14,11 @@ + paths = [ + '''(^|/)vendor/''', + '''(^|/)node_modules/''', +- '''(^|/)web/core/''', +- '''(^|/)web/modules/contrib/''', +- '''(^|/)web/themes/contrib/''', +- '''(^|/)web/libraries/''', +- '''(^|/)web/sites/default/files/''', ++ '''(^|/)docroot/core/''', ++ '''(^|/)docroot/modules/contrib/''', ++ '''(^|/)docroot/themes/contrib/''', ++ '''(^|/)docroot/libraries/''', ++ '''(^|/)docroot/sites/default/files/''', + '''(^|/)\.data/''', + '''(^|/)\.artifacts/''', + '''(^|/)\.git/''', diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 
--- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 
@@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml index 87e2f2313..55a1e524d 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_lagoon/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_lagoon/.github/workflows/build-test-deploy.yml index 8032a49d2..1f0f7accc 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_lagoon/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/migration_enabled_lagoon/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -256,6 +256,9 @@ +@@ -260,6 +260,9 @@ echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV" timeout-minutes: 30 @@ -8,7 +8,7 @@ - name: Export DB run: | if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi -@@ -387,6 +390,10 @@ +@@ -391,6 +394,10 @@ if [ -f .data/db.sql ]; then docker compose exec cli mkdir -p .data docker compose cp -L .data/db.sql cli:/app/.data/db.sql diff --git a/.vortex/installer/tests/Fixtures/handler_process/provision_profile/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/provision_profile/.github/workflows/build-test-deploy.yml index c3eaf66ea..a99cf7d96 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/provision_profile/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/provision_profile/.github/workflows/build-test-deploy.yml 
@@ -15,7 +15,7 @@ container: # https://hub.docker.com/r/drevops/ci-runner -@@ -170,117 +167,8 @@ +@@ -174,117 +171,8 @@ run: docker compose exec -T cli bash -c "yarn --cwd=\${WEBROOT}/themes/custom/\${DRUPAL_THEME} run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} @@ -133,7 +133,7 @@ permissions: contents: read # Check out the repository. -@@ -306,14 +194,6 @@ +@@ -310,14 +198,6 @@ VORTEX_SSH_DISABLE_STRICT_HOST_KEY_CHECKING: "1" VORTEX_SSH_REMOVE_ALL_KEYS: "1" VORTEX_DEBUG: ${{ vars.VORTEX_DEBUG }} @@ -148,7 +148,7 @@ steps: - name: Preserve $HOME set in the container -@@ -338,29 +218,6 @@ +@@ -342,29 +222,6 @@ - name: Install Vortex tooling run: ./scripts/vortex-tooling.sh @@ -178,7 +178,7 @@ - name: Login to container registry run: ./vendor/drevops/vortex-tooling/src/login-container-registry -@@ -515,7 +372,6 @@ +@@ -519,7 +376,6 @@ deploy: runs-on: ubuntu-latest needs: [build, lint] diff --git a/.vortex/installer/tests/Fixtures/handler_process/theme_claro/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/theme_claro/.github/workflows/build-test-deploy.yml index fe02db3a5..63fd45c93 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/theme_claro/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/theme_claro/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -165,11 +165,6 @@ +@@ -169,11 +169,6 @@ run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/theme_olivero/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/theme_olivero/.github/workflows/build-test-deploy.yml index fe02db3a5..63fd45c93 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/theme_olivero/.github/workflows/build-test-deploy.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/theme_olivero/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -165,11 +165,6 @@ +@@ -169,11 +169,6 @@ run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/theme_stark/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/theme_stark/.github/workflows/build-test-deploy.yml index fe02db3a5..63fd45c93 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/theme_stark/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/theme_stark/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -165,11 +165,6 @@ +@@ -169,11 +169,6 @@ run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/timezone_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/timezone_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/timezone_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/timezone_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint/.github/workflows/build-test-deploy.yml index dd239d061..b6aa8aae2 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -137,22 +137,6 @@ +@@ -141,22 +141,6 @@ run: docker compose exec -T cli composer normalize --dry-run continue-on-error: ${{ vars.VORTEX_CI_COMPOSER_NORMALIZE_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint_circleci/.circleci/config.yml index 438b74a2b..23606111c 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_lint_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests/.github/workflows/build-test-deploy.yml index 90e91fdf1..b378422b6 100644 
--- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -157,10 +157,6 @@ +@@ -161,10 +161,6 @@ run: docker compose exec -T cli vendor/bin/twig-cs-fixer continue-on-error: ${{ vars.VORTEX_CI_TWIG_CS_FIXER_IGNORE_FAILURE == '1' }} @@ -9,7 +9,7 @@ - name: Lint module code with NodeJS linters run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} -@@ -396,78 +392,6 @@ +@@ -400,78 +396,6 @@ run: docker compose exec -T cli bash -c "yarn test" continue-on-error: ${{ vars.VORTEX_CI_JEST_IGNORE_FAILURE == '1' }} @@ -88,7 +88,7 @@ - name: Process test logs and artifacts if: always() run: | -@@ -484,16 +408,6 @@ +@@ -488,16 +412,6 @@ path: .logs include-hidden-files: true if-no-files-found: error diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests_circleci/.circleci/config.yml index f015d7469..7e2e24ada 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_be_tests_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint/.github/workflows/build-test-deploy.yml index 8cb705446..514de652a 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -127,7 +127,6 @@ +@@ -131,7 +131,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -6,7 +6,7 @@ - name: Audit Composer packages run: docker compose exec -T cli composer audit -@@ -161,10 +160,6 @@ +@@ -165,10 +164,6 @@ run: docker compose exec -T cli vendor/bin/gherkinlint lint tests/behat/features continue-on-error: ${{ vars.VORTEX_CI_GHERKIN_LINT_IGNORE_FAILURE == '1' }} @@ -17,7 +17,7 @@ - name: Lint theme code with NodeJS linters if: ${{ vars.VORTEX_FRONTEND_BUILD_SKIP != '1' }} run: docker compose exec -T cli bash -c "yarn --cwd=\${WEBROOT}/themes/custom/\${DRUPAL_THEME} run lint" -@@ -380,7 +375,6 @@ +@@ -384,7 +379,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -25,7 +25,7 @@ - name: Provision site run: | -@@ -390,11 +384,6 @@ +@@ -394,11 +388,6 @@ fi docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli ./vendor/drevops/vortex-tooling/src/provision timeout-minutes: 30 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_circleci/.circleci/config.yml index 4a5c9f828..57640d1f5 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme/.github/workflows/build-test-deploy.yml index 6d7f0a3e4..fb2e52ed6 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -127,7 +127,6 @@ +@@ -131,7 +131,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" 
@@ -6,7 +6,7 @@ - name: Audit Composer packages run: docker compose exec -T cli composer audit -@@ -161,15 +160,6 @@ +@@ -165,15 +164,6 @@ run: docker compose exec -T cli vendor/bin/gherkinlint lint tests/behat/features continue-on-error: ${{ vars.VORTEX_CI_GHERKIN_LINT_IGNORE_FAILURE == '1' }} @@ -22,7 +22,7 @@ database: runs-on: ubuntu-latest if: ${{ !inputs.deploy_target && (github.event_name == 'push' || !startsWith(github.head_ref, 'project/')) }} -@@ -380,7 +370,6 @@ +@@ -384,7 +374,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -30,7 +30,7 @@ - name: Provision site run: | -@@ -390,11 +379,6 @@ +@@ -394,11 +383,6 @@ fi docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli ./vendor/drevops/vortex-tooling/src/provision timeout-minutes: 30 diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme_circleci/.circleci/config.yml index 214958435..34e3b2b6b 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_groups_no_fe_lint_no_theme_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat/.github/workflows/build-test-deploy.yml index 54624a9b9..23da4da3b 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -157,10 +157,6 @@ +@@ -161,10 +161,6 @@ run: docker compose exec -T cli vendor/bin/twig-cs-fixer continue-on-error: ${{ vars.VORTEX_CI_TWIG_CS_FIXER_IGNORE_FAILURE == '1' }} @@ -9,7 +9,7 @@ - name: Lint module code with NodeJS linters run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} -@@ -455,18 +451,6 @@ +@@ -459,18 +455,6 @@ fi env: VORTEX_CI_CODE_COVERAGE_THRESHOLD: ${{ vars.VORTEX_CI_CODE_COVERAGE_THRESHOLD || '90' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat_circleci/.circleci/config.yml index 1daf000f5..ffcdbfe69 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_behat_circleci/.circleci/config.yml 
@@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint/.github/workflows/build-test-deploy.yml index 104fe5fa4..4390390eb 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -127,7 +127,6 @@ +@@ -131,7 +131,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -6,7 +6,7 @@ - name: Audit Composer packages run: docker compose exec -T cli composer audit -@@ -160,10 +159,6 @@ +@@ -164,10 +163,6 @@ - name: Lint code with Gherkin Lint run: docker compose exec -T cli vendor/bin/gherkinlint lint tests/behat/features continue-on-error: ${{ vars.VORTEX_CI_GHERKIN_LINT_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_circleci/.circleci/config.yml index ee3e1a4d3..8ecf09e5b 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_circleci/.circleci/config.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_no_theme/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_no_theme/.github/workflows/build-test-deploy.yml index fb601c4ad..92dfaee31 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_no_theme/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_eslint_no_theme/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -127,7 +127,6 @@ +@@ -131,7 +131,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -6,7 +6,7 @@ - name: Audit Composer packages run: docker compose exec -T cli composer audit -@@ -160,15 +159,6 @@ +@@ -164,15 +163,6 @@ - name: Lint code with Gherkin Lint run: docker compose exec -T cli vendor/bin/gherkinlint lint tests/behat/features continue-on-error: ${{ vars.VORTEX_CI_GHERKIN_LINT_IGNORE_FAILURE == '1' }} 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest/.github/workflows/build-test-deploy.yml index 50e312029..ddb3252c5 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -380,7 +380,6 @@ +@@ -384,7 +384,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -6,7 +6,7 @@ - name: Provision site run: | -@@ -390,11 +389,6 @@ +@@ -394,11 +393,6 @@ fi docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli ./vendor/drevops/vortex-tooling/src/provision timeout-minutes: 30 diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest_circleci/.circleci/config.yml index 925d64c4c..30073b71d 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_jest_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs/.github/workflows/build-test-deploy.yml index 973c1f37e..960e70626 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -137,10 +137,6 @@ +@@ -141,10 +141,6 @@ run: docker compose exec -T cli composer normalize --dry-run continue-on-error: ${{ vars.VORTEX_CI_COMPOSER_NORMALIZE_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs_circleci/.circleci/config.yml index 3aac6d657..f93409f15 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpcs_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd/.github/workflows/build-test-deploy.yml index 9c768fb87..3851b5b43 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd/.github/workflows/build-test-deploy.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -149,10 +149,6 @@ +@@ -153,10 +153,6 @@ run: docker compose exec -T cli vendor/bin/rector --dry-run continue-on-error: ${{ vars.VORTEX_CI_RECTOR_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd_circleci/.circleci/config.yml index 3035c85ac..db765f31c 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpmd_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan/.github/workflows/build-test-deploy.yml index a27937154..8f89297be 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -141,10 +141,6 @@ +@@ -145,10 +145,6 @@ run: docker compose exec -T cli vendor/bin/phpcs continue-on-error: ${{ vars.VORTEX_CI_PHPCS_IGNORE_FAILURE == '1' }} 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan_circleci/.circleci/config.yml index 42e5abcc3..6b54d1525 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpstan_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit/.github/workflows/build-test-deploy.yml index ae00bff6e..00e5a389a 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -396,66 +396,6 @@ +@@ -400,66 +400,6 @@ run: docker compose exec -T cli bash -c "yarn test" continue-on-error: ${{ vars.VORTEX_CI_JEST_IGNORE_FAILURE == '1' }} @@ -65,7 +65,7 @@ - name: Test with Behat run: | # shellcheck disable=SC2170 -@@ -484,16 +424,6 @@ +@@ -488,16 +428,6 @@ path: .logs include-hidden-files: true if-no-files-found: error 
diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit_circleci/.circleci/config.yml index aececca3b..e23ea3c99 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_phpunit_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector/.github/workflows/build-test-deploy.yml index 1e3dd629e..ec697fe24 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -145,10 +145,6 @@ +@@ -149,10 +149,6 @@ run: docker compose exec -T cli vendor/bin/phpstan continue-on-error: ${{ vars.VORTEX_CI_PHPSTAN_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector_circleci/.circleci/config.yml index 9873ba415..3bf40b66a 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector_circleci/.circleci/config.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_rector_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_circleci/.circleci/config.yml index c15333fb5..a392fad10 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_circleci/.circleci/config.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_circleci/.circleci/config.yml @@ -131,6 +131,10 @@ jobs: name: Lint Docker Compose files with DCLint command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ] + - run: + name: Scan for committed secrets with Gitleaks + command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ] + - run: name: Build stack command: docker compose up --no-deps --detach cli diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_no_theme/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_no_theme/.github/workflows/build-test-deploy.yml index fe02db3a5..63fd45c93 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_no_theme/.github/workflows/build-test-deploy.yml 
+++ b/.vortex/installer/tests/Fixtures/handler_process/tools_no_stylelint_no_theme/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -165,11 +165,6 @@ +@@ -169,11 +169,6 @@ run: docker compose exec -T cli bash -c "yarn run lint" continue-on-error: ${{ vars.VORTEX_CI_NODEJS_LINT_IGNORE_FAILURE == '1' }} diff --git a/.vortex/installer/tests/Fixtures/handler_process/tools_none/.github/workflows/build-test-deploy.yml b/.vortex/installer/tests/Fixtures/handler_process/tools_none/.github/workflows/build-test-deploy.yml index 8d2436b01..942fccdc3 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/tools_none/.github/workflows/build-test-deploy.yml +++ b/.vortex/installer/tests/Fixtures/handler_process/tools_none/.github/workflows/build-test-deploy.yml @@ -1,4 +1,4 @@ -@@ -127,7 +127,6 @@ +@@ -131,7 +131,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" @@ -6,7 +6,7 @@ - name: Audit Composer packages run: docker compose exec -T cli composer audit -@@ -137,34 +136,10 @@ +@@ -141,34 +140,10 @@ run: docker compose exec -T cli composer normalize --dry-run continue-on-error: ${{ vars.VORTEX_CI_COMPOSER_NORMALIZE_IGNORE_FAILURE == '1' }} @@ -41,7 +41,7 @@ - name: Lint theme code with NodeJS linters if: ${{ vars.VORTEX_FRONTEND_BUILD_SKIP != '1' }} run: docker compose exec -T cli bash -c "yarn --cwd=\${WEBROOT}/themes/custom/\${DRUPAL_THEME} run lint" -@@ -380,7 +355,6 @@ +@@ -384,7 +359,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli bash -c " \ if [ -n \"${PACKAGE_TOKEN:-}\" ]; then export COMPOSER_AUTH='{\"github-oauth\": {\"github.com\": \"${PACKAGE_TOKEN-}\"}}'; fi && \ COMPOSER_MEMORY_LIMIT=-1 composer --ansi install --prefer-dist" 
@@ -49,7 +49,7 @@ - name: Provision site run: | -@@ -391,83 +365,6 @@ +@@ -395,83 +369,6 @@ docker compose exec $(env | cut -f1 -d= | sed 's/^/-e /') -T cli ./vendor/drevops/vortex-tooling/src/provision timeout-minutes: 30 @@ -133,7 +133,7 @@ - name: Process test logs and artifacts if: always() run: | -@@ -484,16 +381,6 @@ +@@ -488,16 +385,6 @@ path: .logs include-hidden-files: true if-no-files-found: error From e53d44a732edd2dc9be470c0f70e3c52ad5b0575 Mon Sep 17 00:00:00 2001 From: Alex Skrypnyk Date: Fri, 5 Jun 2026 21:50:40 +1000 Subject: [PATCH 3/4] [#2562] Sorted gitleaks allowlist paths and dev-fenced the '.vortex' exclude. --- .gitleaks.toml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitleaks.toml b/.gitleaks.toml index d33f9913a..dc9bedb92 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -12,15 +12,17 @@ useDefault = true [[allowlists]] description = "Third-party, generated, and local-only paths that must not be scanned." paths = [ - '''(^|/)vendor/''', + '''(^|/)\.artifacts/''', + '''(^|/)\.data/''', + '''(^|/)\.git/''', + #;< VORTEX_DEV + '''(^|/)\.vortex/''', + #;> VORTEX_DEV '''(^|/)node_modules/''', + '''(^|/)vendor/''', '''(^|/)web/core/''', - '''(^|/)web/modules/contrib/''', - '''(^|/)web/themes/contrib/''', '''(^|/)web/libraries/''', + '''(^|/)web/modules/contrib/''', '''(^|/)web/sites/default/files/''', - '''(^|/)\.data/''', - '''(^|/)\.artifacts/''', - '''(^|/)\.git/''', - '''(^|/)\.vortex/''', + '''(^|/)web/themes/contrib/''', ] From 0034fbdd0ab6b22ef9edc8006a6f23f245f7c42c Mon Sep 17 00:00:00 2001 From: Alex Skrypnyk Date: Fri, 5 Jun 2026 21:51:58 +1000 Subject: [PATCH 4/4] Updated snapshots. --- .../handler_process/_baseline/.gitleaks.toml | 13 ++++++------- .../hosting_acquia/.gitleaks.toml | 18 ++++++++---------- .../.gitleaks.toml | 18 ++++++++---------- 3 files changed, 22 insertions(+), 27 deletions(-) 
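Review bot: Every entry in the re-sorted `paths` array of `.gitleaks.toml` starts with `(^|/)`, so each exclusion matches a directory of that name at any depth rather than only at the repository root. A first-party directory that happens to be called `vendor/`, `.data/` or `node_modules/` inside custom code would therefore be skipped by the scan without producing a finding. If Gitleaks reports paths relative to the scan root in `dir` mode (worth confirming against the pinned image), root-anchored forms such as `'''^vendor/'''` and `'''^\.data/'''` would limit the unscanned area to the directories this list is meant to cover. A comment above `paths`, e.g. `# Only directories with no first-party code or config; anything listed here is never scanned.`, would also help projects that extend the list. The same patterns are repeated in the `_baseline` and `hosting_*` fixture snapshots later in the series.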
diff --git a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml
index d33f9913a..671eadad6 100644
--- a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml
+++ b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml
@@ -12,15 +12,14 @@ useDefault = true
 [[allowlists]]
 description = "Third-party, generated, and local-only paths that must not be scanned."
 paths = [
- '''(^|/)vendor/''',
+ '''(^|/)\.artifacts/''',
+ '''(^|/)\.data/''',
+ '''(^|/)\.git/''',
 '''(^|/)node_modules/''',
+ '''(^|/)vendor/''',
 '''(^|/)web/core/''',
- '''(^|/)web/modules/contrib/''',
- '''(^|/)web/themes/contrib/''',
 '''(^|/)web/libraries/''',
+ '''(^|/)web/modules/contrib/''',
 '''(^|/)web/sites/default/files/''',
- '''(^|/)\.data/''',
- '''(^|/)\.artifacts/''',
- '''(^|/)\.git/''',
- '''(^|/)\.vortex/''',
+ '''(^|/)web/themes/contrib/''',
 ]
diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml
index c5372be7e..69b2c6762 100644
--- a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml
+++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml
@@ -1,17 +1,15 @@ -@@ -14,11 +14,11 @@ - paths = [ - '''(^|/)vendor/''', +@@ -17,9 +17,9 @@ + '''(^|/)\.git/''', '''(^|/)node_modules/''', + '''(^|/)vendor/''', - '''(^|/)web/core/''', -- '''(^|/)web/modules/contrib/''', -- '''(^|/)web/themes/contrib/''', - '''(^|/)web/libraries/''', +- '''(^|/)web/modules/contrib/''', - '''(^|/)web/sites/default/files/''', +- '''(^|/)web/themes/contrib/''', + '''(^|/)docroot/core/''', -+ '''(^|/)docroot/modules/contrib/''', -+ '''(^|/)docroot/themes/contrib/''', + '''(^|/)docroot/libraries/''', ++ '''(^|/)docroot/modules/contrib/''', + '''(^|/)docroot/sites/default/files/''', - '''(^|/)\.data/''', - '''(^|/)\.artifacts/''', - '''(^|/)\.git/''', ++ '''(^|/)docroot/themes/contrib/''', + ] diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml index c5372be7e..69b2c6762 100644 --- a/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml +++ b/.vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml @@ -1,17 +1,15 @@ -@@ -14,11 +14,11 @@ - paths = [ - '''(^|/)vendor/''', +@@ -17,9 +17,9 @@ + '''(^|/)\.git/''', '''(^|/)node_modules/''', + '''(^|/)vendor/''', - '''(^|/)web/core/''', -- '''(^|/)web/modules/contrib/''', -- '''(^|/)web/themes/contrib/''', - '''(^|/)web/libraries/''', +- '''(^|/)web/modules/contrib/''', - '''(^|/)web/sites/default/files/''', +- '''(^|/)web/themes/contrib/''', + '''(^|/)docroot/core/''', -+ '''(^|/)docroot/modules/contrib/''', -+ '''(^|/)docroot/themes/contrib/''', + '''(^|/)docroot/libraries/''', ++ '''(^|/)docroot/modules/contrib/''', + '''(^|/)docroot/sites/default/files/''', - '''(^|/)\.data/''', - '''(^|/)\.artifacts/''', - '''(^|/)\.git/''', ++ '''(^|/)docroot/themes/contrib/''', + ]