azure-pipelines.yml

# Maven

# Build your Java project and run tests with Apache Maven.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/java

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- task: Maven@3
  inputs:
    mavenPomFile: 'pom.xml'
    mavenOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    jdkArchitectureOption: 'x64'
    publishJUnitResults: true
    testResultsFiles: '**/surefire-reports/TEST-*.xml'
    goals: 'package'
- task: WhiteSource@21
  inputs:
    cwd: '$(System.DefaultWorkingDirectory)'


- task: UsePythonVersion@0
  displayName: "Set Python 3 as default"
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3'
    addToPath: true
    architecture: 'x64'

- bash: pip install detect-secrets
  displayName: "Install detect-secrets using pip"

- bash: |
      detect-secrets --version
      detect-secrets scan --all-files --force-use-all-plugins --exclude-files FETCH_HEAD > $(Pipeline.Workspace)/detect-secrets.json
      displayName: "Run detect-secrets tool"

- task: PublishPipelineArtifact@1
  displayName: "Publish results in the Pipeline Artifact"
  inputs:
      targetPath: "$(Pipeline.Workspace)/detect-secrets.json"
      artifact: "detect-secrets-ubuntu"
      publishLocation: "pipeline"

- bash: |
      dsjson=$(cat $(Pipeline.Workspace)/detect-secrets.json)
      echo "${dsjson}"

      count=$(echo "${dsjson}" | jq -c -r '.results | length')

      if [ $count -gt 0 ]; then
      msg="Secrets were detected in code. ${count} file(s) affected."
      echo "##vso[task.logissue type=error]${msg}"
      echo "##vso[task.complete result=Failed;]${msg}."
      else
        echo "##vso[task.complete result=Succeeded;]No secrets detected."
      fi
      displayName: "Analyzing detect-secrets results"