Merge branch 'BULL-3226_trufflehog' into 'main'

BULL-3226: Add trufflehog job

See merge request !1

docker/pipeline-jobs/docker-compose-test.yml

+services:
+
+  <<pipelineJobName>>:
+    image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
+    container_name: <<pipelineJobName>>
+    entrypoint: ["${BASE_SCRIPTS_DIR}/trufflehog/entrypoint.sh"]
+    working_dir: /root
+    environment:
+      - REPORTS_DIR=${BASE_REPORTS_DIR}/<<pipelineJobName>>
+      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/trufflehog
+      - SCAN_DIR=/app
+      - TRUFFLEHOG_EXCLUDE_PATHS=<<exclusions>>
+    volumes:
+      - ./:/root
+      - ./<<projectName>>-<<subProjectName>>:/app
\ No newline at end of file

docker/pipeline-jobs/docker-compose-trufflehog.yml

+services:
+
+  <<pipelineJobName>>:
+    image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
+    container_name: <<pipelineJobName>>
+    entrypoint: ["${BASE_SCRIPTS_DIR}/trufflehog/entrypoint.sh"]
+    working_dir: /root
+    environment:
+      - REPORTS_DIR=${BASE_REPORTS_DIR}/<<pipelineJobName>>
+      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/trufflehog
+      - SCAN_DIR=/app
+      - TRUFFLEHOG_EXCLUDE_PATHS=<<exclusions>>
+    volumes:
+      - ./:/root
+      - ./<<projectName>>-<<subProjectName>>:/app

formulas/express.yml

+pipelineJobs:
+  - name: trufflehog
+    composeFile: docker/pipeline-jobs/docker-compose-trufflehog.yml
+    substitutions:
+      pipelineJobName: trufflehog-api
+      subProjectName: api
+      exclusions: package-lock.json
+  - name: fakeTestJob
+    composeFile: docker/pipeline-jobs/docker-compose-test.yml
+    substitutions:
+      pipelineJobName: trufflehog-test
+      subProjectName: test
+      exclusions: testfile.yml

root/.env

 DEBUGGER_ARGS=--continue
+BASE_REPORTS_DIR=reports
+BASE_SCRIPTS_DIR=scripts

scripts/trufflehog/docker-compose.yml

-version: "0.1"
-services:
-
-  trufflehog-api:
-    image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
-    container_name: trufflehog3-api
-    entrypoint: ["/root/scripts/trufflehog/entrypoint.sh"]
-    working_dir: /root
-    # env_file:
-      # - .env # TODO: Setting env vars in here allows use of env vars inside this file itself, i.e. the entrypoint directory. Probably good to define a BASE_SCRIPTS_DIR for all jobs.
-    environment:
-      - REPORT_DIR=/root/reports/trufflehog-api
-      - SCRIPTS_DIR=/root/scripts/trufflehog
-      - SCAN_DIR=/app
-      # - TRUFFLEHOG_EXCLUDE_PATHS= # TODO: Refine
-    volumes:
-      - ./:/root
-      - ./<<projectName>>-api:/app
-
-  trufflehog-ui:
-    image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
-    container_name: trufflehog3-ui
-    entrypoint: ["/root/scripts/trufflehog/entrypoint.sh"]
-    working_dir: /root
-      # env_file:
-    # - .env # TODO: Setting env vars in here allows use of env vars inside this file itself, i.e. the entrypoint directory. Probably good to define a BASE_SCRIPTS_DIR for all jobs.
-    environment:
-      - REPORT_DIR=/root/reports/trufflehog-ui
-      - SCRIPTS_DIR=/root/scripts/trufflehog
-      - SCAN_DIR=/app
-      # - TRUFFLEHOG_EXCLUDE_PATHS= # TODO: Refine
-    volumes:
-      - ./:/root
-      - ./<<projectName>>-ui:/app

scripts/trufflehog/entrypoint.sh

 #!/bin/bash
 
-ls -al # TODO: Delete
-mkdir -p ${REPORT_DIR}
-REPORT_FILE=${REPORT_DIR}/trufflehog_report.json 
+mkdir -p ${REPORTS_DIR}
+REPORT_FILE=${REPORTS_DIR}/trufflehog_report.json 
 # enable shell globbing for recursive exclude matching. allows use of '**/*' format
 shopt -s globstar
-configfiletoremove=".trufflehog3.yml"
-if [ -f "$configfiletoremove" ]; then rm -f "$configfiletoremove" && echo "I deleted trufflehog3.yml"; fi
 # set -x so we can see the real command being run
 set -x
-trufflehog3 -vvv --ignore-nosecret --exclude ${TRUFFLEHOG_EXCLUDE_PATHS} \
-  --format json --zero --no-history \
+trufflehog3 -vvv --ignore-nosecret --format json --zero --no-history \
+  --exclude ${TRUFFLEHOG_EXCLUDE_PATHS} \
   -r ${SCRIPTS_DIR}/rules.yml \
-  -o ${REPORT_FILE} ${SCAN_DIR} 2>&1 | tee ${REPORT_DIR}/trufflehog_log.txt # TODO: Writing to trufflehog_log.txt not currently working
+  -o ${REPORT_FILE} \
+  ${SCAN_DIR}
 set +x
 shopt -u globstar
-trufflehog3 --version > ${REPORT_DIR}/trufflehog_version.txt
 python ${SCRIPTS_DIR}/trufflehog-gate-check.py "${REPORT_FILE}"