from __future__ import annotations
import re
from pathlib import Path
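SECRET_PATTERNS = [
    # AWS access key IDs: fixed "AKIA" prefix followed by 16 uppercase alphanumerics.
    re.compile(r"AKIA[0-9A-Z]{16}"),
    # Generic `api_key = "<long literal>"` style assignments (case-insensitive).
    # The 20-character floor keeps short placeholders such as "changeme" from
    # tripping the check; anything shorter is not treated as a credential here.
    re.compile(r"(?i)(api[_-]?key|secret|token)\s*=\s*['\"][^'\"]{20,}['\"]"),
]

# Directories that are never scanned: VCS metadata, dependency trees and tool caches.
SKIP_DIRS = {".git", "node_modules", ".venv", "venv", ".pytest_cache", ".mypy_cache"}

# Binary formats skipped outright; decoding them with errors="ignore" would only
# produce noise for the regexes above.
BINARY_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".ico", ".zip"}


def _should_scan(path: Path, root: Path) -> bool:
    """Return True when *path* is a regular file under *root* that is worth scanning.

    A path is skipped when any component of its path relative to *root* is in
    SKIP_DIRS, when it is not a regular file, or when its suffix is in
    BINARY_SUFFIXES. Only the part below *root* is inspected so that a parent
    directory of *root* named e.g. "venv" does not suppress the whole scan.
    """
    relative_parts = path.relative_to(root).parts
    if any(part in SKIP_DIRS for part in relative_parts):
        return False
    if not path.is_file():
        return False
    return path.suffix.lower() not in BINARY_SUFFIXES


def find_potential_secrets(root: Path = Path(".")) -> list[str]:
    """Return the paths under *root* whose text matches any SECRET_PATTERNS entry.

    Every eligible file is read as UTF-8 with undecodable bytes dropped and
    tested against each pattern; a file is reported at most once. The result
    is sorted so output is stable across filesystems.

    Scope: this inspects the working tree only (whatever is on disk under
    *root*, tracked or not) and never git history, and the patterns are
    heuristics for a few well-known credential shapes — a clean result is not
    proof that no secret is present.

    Raises:
        OSError: if a file cannot be read (e.g. permission denied). Errors are
            deliberately not swallowed so the check fails closed rather than
            silently skipping a file.
    """
    hits: list[str] = []
    for path in root.rglob("*"):
        if not _should_scan(path, root):
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        # any() stops at the first matching pattern, so a file is listed once.
        if any(pattern.search(text) for pattern in SECRET_PATTERNS):
            hits.append(str(path))
    return sorted(hits)


def main() -> None:
    """Scan the current directory and exit non-zero with a listing if anything matched."""
    violations = find_potential_secrets(Path("."))
    if violations:
        # SystemExit with a string prints the message and exits with status 1.
        raise SystemExit("Potential secrets found:\n" + "\n".join(violations))
    print("No obvious committed secrets detected.")


if __name__ == "__main__":
    main()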