Merge branch 'bump-version-to-7' into 'main'

Bump version to 7

See merge request components/secret-detection!10

.gitlab-ci.yml

@@ -1,19 +1,26 @@
 include:
-  component: gitlab.com/$CI_PROJECT_PATH/job@$CI_COMMIT_SHA
+  component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/secret-detection@$CI_COMMIT_SHA
 
 stages: [test, release]
 
+secret_detection:
+  rules:
+    - if: $CI_COMMIT_BRANCH
+    - if: $CI_COMMIT_TAG # overriding rules to ensure it runs on tags before the release.
+
 ensure-job-added:
   stage: test
   image: badouralix/curl-jq
   script:
     - echo "Expect that a job named 'secret_detection' is added to the pipeline"
     - |
-      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
+      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
       count=`curl --silent $route | jq 'map(select(.name | contains("secret_detection"))) | length'`
       if [ "$count" != "1" ]; then
         exit 1
       fi
+  rules:
+    - if: ($CI_COMMIT_BRANCH || $CI_COMMIT_TAG) && $CI_SERVER_HOST =~ /gitlab.com/
 
 # Ensure that a project description exists, because it will be important to display
 # the resource in the catalog.
@@ -21,7 +28,7 @@ check-description:
   image: badouralix/curl-jq
   script:
     - |
-      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID"
+      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID"
       desc=`curl --silent $route | jq '.description'`
       if [ "$desc" = "null" ]; then
         echo "Description not set. Please set a projet description"
@@ -29,6 +36,8 @@ check-description:
       else
         echo "Description set"
       fi
+  rules:
+    - if: $CI_SERVER_HOST =~ /gitlab.com/
 
 # Ensure that a `README.md` exists in the root directory as it represents the
 # documentation for the whole components repository.

CODEOWNERS

@@ -0,0 +1 @@
+* @gitlab-org/secure/secret-detection

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 GitLab Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -13,16 +13,18 @@ keyword.
 
 ```yaml
 include:
-  - component: gitlab.com/gitlab-components/secret-detection/job@<VERSION>
+  - component: gitlab.com/components/secret-detection/secret-detection@<VERSION>
 ```
 
 where `<VERSION>` is the latest released tag or `main`.
 
+This component will add a `secret_detection` job to the pipeline.
+
 If you are converting the configuration to use components and want to leverage the existing variable `$SECRET_DETECTION_DISABLED` you could conditionally include the component using the variable:
 
 ```yaml
 include:
-  - component: gitlab.com/gitlab-components/secret-detection/job@main
+  - component: gitlab.com/components/secret-detection/secret-detection@main
     rules:
       - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
         when: never
@@ -38,7 +40,7 @@ This assumes `SECRET_DETECTION_DISABLED` variable is already defined in `.gitlab
 | ----- | ------------- | ----------- |
 | `stage` | `test` | The stage where you want the job to be added. |
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Override the name of the Docker registry providing the default images (proxy). |
-| `image_tag` | `5` | Override the default version of the `secrets` analyzer image. |
+| `image_tag` | `7` | Override the default version of the `secrets` analyzer image. |
 | `image_suffix` | `""` | Suffix added to the image name. If set to -fips, [FIPS-enabled images](https://docs.gitlab.com/ee/user/application_security/secret_detection/#use-fips-enabled-images) are used for scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355519) in GitLab 14.10. |
 
 ### Variables
@@ -50,3 +52,7 @@ You can customize secret detection by defining the following CI/CD variables:
 | `SECRET_DETECTION_EXCLUDED_PATHS` | Exclude vulnerabilities from output based on the paths. The paths are a comma-separated list of patterns. Patterns can be globs (see [doublestar.Match](https://pkg.go.dev/github.com/bmatcuk/doublestar/v4@v4.0.2#Match) for supported patterns), or file or folder paths (for example, `doc,spec`). Parent directories also match patterns. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225273) in GitLab 13.3. |
 | `SECRET_DETECTION_HISTORIC_SCAN` | Flag to enable a historic Gitleaks scan. |
 | `SECRET_DETECTION_LOG_OPTIONS` | [`git log`](https://git-scm.com/docs/git-log) options used to define commit ranges. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/350660) in GitLab 15.1. |
+
+## Contribute
+
+Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components 

templates/secret-detection.yml

@@ -5,7 +5,7 @@ spec:
     image_prefix:
       default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
     image_tag:
-      default: '5'
+      default: '7'
     image_suffix:
       default: ""
 ---