Add pre-commit hooks for ocids, copyright and secrets (#234)

Author: liudmylaru

.gitleaks.toml

@@ -0,0 +1,40 @@
+title = "Gitleaks Config"
+
+# Gitleaks feature, extending the existing base config from:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+[extend]
+useDefault = true
+
+# Allowlist's 'stopwords' and 'regexes' excludes any secrets or mathching patterns from the current repository.
+# Paths listed in allowlist will not be scanned.
+[allowlist]
+    description = "Global allow list"
+    stopwords = ["test_password", "sample_key"]
+    regexes = [
+        '''example-password''',
+        '''this-is-not-the-secret''',
+        '''<redacted>'''
+    ]
+    paths = [
+        '''tests/integration/tests_configs.yaml'''
+    ]
+
+# Describe rule to search real ocids
+[[rules]]
+    description = "Real ocids"
+    id = "ocid"
+    regex = '''ocid[123]\.[a-z1-9A-Z]*\.oc\d\.[a-z1-9A-Z]*\.[a-z1-9A-Z]+'''
+    keywords = [
+        "ocid"
+    ]
+
+# Describe rule to search generic secrets
+[[rules]]
+    description = "Generic secret"
+    id = "generic-secret"
+    regex = '''(?i)((key|api|token|secret|passwd|password|psw|pass|pswd)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z!@#$%^&*<>\\\-_.=]{3,100})['\"]'''
+    entropy = 0
+    secretGroup = 4
+    keywords = [
+        "key","api","token","secret","passwd","password", "psw", "pass", "pswd"
+    ]

.pre-commit-config.yaml

@@ -1,10 +1,12 @@
 repos:
+# Standard hooks
 -   repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:
     -   id: check-ast
+        exclude: ^docs/
     -   id: check-docstring-first
-        exclude: ^tests/
+        exclude: ^(docs/|tests/)
     -   id: check-json
     -   id: check-merge-conflict
     -   id: check-yaml
@@ -14,14 +16,34 @@ repos:
     -   id: pretty-format-json
         args: ['--autofix']
     -   id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+        exclude: ^docs/
+# Black, the code formatter, natively supports pre-commit
 -   repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.3.0
     hooks:
     -   id: black
+        exclude: ^docs/
+# Regex based rst files common mistakes detector
 -   repo: https://github.com/pre-commit/pygrep-hooks
-    rev: v1.9.0
+    rev: v1.10.0
     hooks:
     -   id: rst-backticks
+        files: ^docs/
     -   id: rst-inline-touching-normal
-
-exclude: ^(docs/)
+        files: ^docs/
+# Hardcoded secrets and ocids detector
+-   repo: https://github.com/gitleaks/gitleaks
+    rev: v8.17.0
+    hooks:
+    -   id: gitleaks
+# Oracle copyright checker
+-   repo: https://github.com/oracle-samples/oci-data-science-ai-samples/
+    rev: cbe0136
+    hooks:
+    -   id: check-copyright
+        name: check-copyright
+        entry: .pre-commit-scripts/check-copyright.py
+        language: script
+        types_or: ['python', 'shell', 'bash']
+        exclude: ^docs/