Merge branch 'master' of github.com:The-Japan-DataScientist-Society/100knocks-preprocess

Author: KazuhiroM

.github/workflows/run_notebooks.yml

@@ -22,6 +22,6 @@ jobs:
             echo "Run docker/work/${f}"
 
             # 「UsageError: %%sql is a cell magic, but the cell body is empty. Did you mean the line magic %sql (single %)? 」を許容するため、UsageErrorを許容する設定にしている
-            docker-compose exec -T notebook bash -c "cd work && jupyter nbconvert --to notebook --debug --NotebookClient.allow_error_names UsageError --execute ${f}"
+            docker compose exec -T notebook bash -c "cd work && jupyter nbconvert --to notebook --debug --NotebookClient.allow_error_names UsageError --execute ${f}"
             echo
           done

.github/workflows/update_pre_commit_config.yml

@@ -0,0 +1,160 @@
+name: update-pre-commit-config
+
+on:
+  pull_request:
+
+jobs:
+  update-pre-commit-config:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Install packages
+        run: npm install js-yaml
+      - name: Update .pre-commit-config.yaml
+        uses: actions/github-script@v5
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const fs = require('fs')
+            const yaml = require('js-yaml')
+
+            const config_filename = '.pre-commit-config.yaml'
+            const config = yaml.load(fs.readFileSync(config_filename, 'utf8'))
+            const common_params = {
+                owner: 'zricethezav',
+                repo: 'gitleaks'
+            }
+            console.log("call repos.getLatestRelease:", common_params)
+            const latest_release = (await github.rest.repos.getLatestRelease(common_params)).data
+            config.repos = config.repos.map(repo => {
+                if (repo.repo === 'https://github.com/' + common_params.owner + '/' + common_params.repo) {
+                    repo.rev = latest_release.tag_name;
+                }
+
+                return repo;
+            })
+
+            try {
+                fs.writeFileSync(config_filename, yaml.dump(config), 'utf8')
+            } catch (err) {
+                console.error(err.message)
+                process.exit(1)
+            }
+      # 差分があったときは差分を出力する
+      - name: Show diff
+        id: diff
+        run: |
+          result=$(git diff .pre-commit-config.yaml)
+          echo "::set-output name=result::$result"
+      # 差分があったときは、コミットを作りpushする
+      - name: Push
+        env:
+          HEAD_REF: ${{github.event.pull_request.head.ref}}
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && steps.diff.outputs.result != '' }}
+        run: |
+          git config user.name "100knocks preprocess CI"
+          git config user.email "100knocks-preprocess-ci@example.com"
+          git add .pre-commit-config.yaml
+          git commit -m "Update .pre-commit-config.yaml"
+          git push -f https://${{github.actor}}:${{secrets.GITHUB_TOKEN}}@github.com/${{github.repository}}.git "HEAD:refs/heads/fix-version-pre-commit-config-${HEAD_REF}"
+      - name: Get PullRequests
+        uses: actions/github-script@v5
+        env:
+          HEAD_REF: ${{github.event.pull_request.head.ref}}
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && steps.diff.outputs.result != '' }}
+        id: get_pull_requests
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const HEAD_REF = process.env["HEAD_REF"]
+            const pulls_list_params = {
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head: "The-Japan-DataScientist-Society:fix-version-pre-commit-config-" + HEAD_REF,
+              base: HEAD_REF,
+              state: "open"
+            }
+            console.log("call pulls.list:", pulls_list_params)
+            const pulls = await github.paginate(github.rest.pulls.list, pulls_list_params)
+            return pulls.length
+      # pushしたブランチでPRを作る
+      - name: Create PullRequest
+        uses: actions/github-script@v5
+        env:
+          HEAD_REF: ${{github.event.pull_request.head.ref}}
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && steps.diff.outputs.result != '' && steps.get_pull_requests.outputs.result == 0 }}
+        id: create_pull_request
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const HEAD_REF = process.env["HEAD_REF"]
+            const pulls_create_params = {
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head: "The-Japan-DataScientist-Society:fix-version-pre-commit-config-" + HEAD_REF,
+              base: HEAD_REF,
+              title: ".pre-commit-config.yamlアップデート #${{github.event.pull_request.number}}",
+              body: ".pre-commit-config.yamlをアップデートしました。マージすると元のPRにアップデートが反映されます。 #${{github.event.pull_request.number}}"
+            }
+            console.log("call pulls.create:", pulls_create_params)
+            const create_pull_res = (await github.rest.pulls.create(pulls_create_params)).data
+            return create_pull_res.number
+      - name: Assign a user
+        uses: actions/github-script@v5
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && steps.diff.outputs.result != '' && steps.get_pull_requests.outputs.result == 0 && github.event.pull_request.user.login != 'dependabot[bot]' }}
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const issues_add_assignees_params = {
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{steps.create_pull_request.outputs.result}},
+              assignees: ["${{github.event.pull_request.user.login}}"]
+            }
+            console.log("call issues.addAssignees:", issues_add_assignees_params)
+            await github.rest.issues.addAssignees(issues_add_assignees_params)
+      # 既にアップデートのPRがある状態で、手動でアップデートした場合、アップデートのPRを閉じる
+      - name: Close PullRequest
+        uses: actions/github-script@v5
+        env:
+          HEAD_REF: ${{github.event.pull_request.head.ref}}
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && steps.diff.outputs.result == '' }}
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const HEAD_REF = process.env["HEAD_REF"]
+            const head_name = "fix-version-pre-commit-config-" + HEAD_REF
+            const common_params = {
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            }
+            const pulls_list_params = {
+              head: "The-Japan-DataScientist-Society:" + head_name,
+              base: HEAD_REF,
+              state: "open",
+              ...common_params
+            }
+            console.log("call pulls.list:", pulls_list_params)
+            const pulls = await github.paginate(github.rest.pulls.list, pulls_list_params)
+
+            for (const pull of pulls) {
+              const pulls_update_params = {
+                pull_number: pull.number,
+                state: "closed",
+                ...common_params
+              }
+              console.log("call pulls.update:", pulls_update_params)
+              await github.rest.pulls.update(pulls_update_params)
+              const git_deleteRef_params = {
+                ref: "heads/" + head_name,
+                ...common_params
+              }
+              console.log("call git.deleteRef:", git_deleteRef_params)
+              await github.rest.git.deleteRef(git_deleteRef_params)
+            }
+      - name: Exit
+        if: ${{ steps.diff.outputs.result != '' }}
+        run: exit 1

.gitleaks.toml

@@ -0,0 +1,174 @@
+title = "gitleaks config"
+
+[[rules]]
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github Personal Access Token"
+regex = '''ghp_[0-9a-zA-Z]{36}'''
+tags = ["key", "Github"]
+[[rules]]
+description = "Github OAuth Access Token"
+regex = '''gho_[0-9a-zA-Z]{36}'''
+tags = ["key", "Github"]
+[[rules]]
+description = "Github App Token"
+regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
+tags = ["key", "Github"]
+[[rules]]
+description = "Github Refresh Token"
+regex = '''ghr_[0-9a-zA-Z]{76}'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
+tags = ["client", "LinkedIn"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
+tags = ["secret", "LinkedIn"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "Asymmetric Private Key"
+regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
+tags = ["key", "AsymmetricPrivateKey"]
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Google (GCP) Service Account"
+regex = '''"type": "service_account"'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "SendGrid API Key"
+regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
+tags = ["key", "SendGrid"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
+tags = ["key", "twilio"]
+
+[[rules]]
+description = "Dynatrace ttoken"
+regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
+tags = ["key", "Dynatrace"]
+
+[[rules]]
+description = "Shopify shared secret"
+regex = '''shpss_[a-fA-F0-9]{32}'''
+tags = ["key", "Shopify"]
+
+[[rules]]
+description = "Shopify access token"
+regex = '''shpat_[a-fA-F0-9]{32}'''
+tags = ["key", "Shopify"]
+
+[[rules]]
+description = "Shopify custom app access token"
+regex = '''shpca_[a-fA-F0-9]{32}'''
+tags = ["key", "Shopify"]
+
+[[rules]]
+description = "Shopify private app access token"
+regex = '''shppa_[a-fA-F0-9]{32}'''
+tags = ["key", "Shopify"]
+
+[[rules]]
+description = "PyPI upload token"
+regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+tags = ["key", "pypi"]
+
+[allowlist]
+description = "Allowlisted files"
+files = ['''^\.?gitleaks.toml$''',
+    '''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
+    '''(go.mod|go.sum)$''']

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.8.11
+    hooks:
+      - id: gitleaks

README.rst

@@ -52,6 +52,12 @@ Usage
 - ブラウザで以下のURLにアクセスします
 http://localhost:8888
 
+How to contribute
+====
+開発に協力していただける場合は本リポジトリをcloneし、 https://pre-commit.com/ の手順に従って `pre-commit` をインストールしてください。
+
+これにより、 `.pre-commit-config.yaml <.pre-commit-config.yaml>`_ の設定に基づいて、コミット時にクレデンシャルが含まれていないかの検査が行われるようになります。
+
 Document
 ====
 - doc配下にデータサイエンス100本ノック（構造化データ加工編）の説明資料と設問PDF、設問HTML、解答例HTMLを配置