chore: secret scan in CodeBuild test (#9657)

As it turns out, our secret scan was flagging the 'account' part of the mapping generated for the AWS Deep Learning Containers image repositories. Turn them into 'repositoryAccount' instead to silence the scanner. Also, actually enable the scanner to run correctly for PR builds as well. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Aug 12, 2020 · 0ea4ea3 · 0ea4ea3
1 parent 4c62702
commit 0ea4ea3
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 46 deletions.
diff --git a/git-secrets-scan.sh b/git-secrets-scan.sh
@@ -21,10 +21,10 @@ mkdir -p .tools
 git rev-parse --git-dir > /dev/null 2>&1 || {
     git init --quiet
     git add -A .
-
-    # AWS config needs to be added to this fresh repository's config
-    .tools/git-secrets/git-secrets --register-aws
 }
 
+# AWS config needs to be added to this repository's config
+.tools/git-secrets/git-secrets --register-aws
+
 .tools/git-secrets/git-secrets --scan
 echo "git-secrets scan ok"
diff --git a/packages/@aws-cdk/aws-codebuild/lib/linux-gpu-build-image.ts b/packages/@aws-cdk/aws-codebuild/lib/linux-gpu-build-image.ts
@@ -95,7 +95,7 @@ export class LinuxGpuBuildImage implements IBindableBuildImage {
   private readonly accountExpression: string;
 
   private constructor(private readonly repositoryName: string, tag: string, private readonly account: string | undefined) {
-    this.accountExpression = account ?? core.Fn.findInMap(mappingName, core.Aws.REGION, 'account');
+    this.accountExpression = account ?? core.Fn.findInMap(mappingName, core.Aws.REGION, 'repositoryAccount');
     this.imageId = `${this.accountExpression}.dkr.ecr.${core.Aws.REGION}.${core.Aws.URL_SUFFIX}/${repositoryName}:${tag}`;
   }
 
@@ -109,7 +109,7 @@ export class LinuxGpuBuildImage implements IBindableBuildImage {
         // get the accounts from the region-info module
         const region2Accounts = RegionInfo.regionMap(FactName.DLC_REPOSITORY_ACCOUNT);
         for (const [region, account] of Object.entries(region2Accounts)) {
-          mapping[region] = { account };
+          mapping[region] = { repositoryAccount: account };
         }
         new core.CfnMapping(scopeStack, mappingName, { mapping });
       }

diff --git a/...s/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json b/...s/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json
@@ -138,7 +138,7 @@
                         {
                           "Ref": "AWS::Region"
                         },
-                        "account"
+                        "repositoryAccount"
                       ]
                     },
                     ":repository/mxnet-training"
@@ -180,7 +180,7 @@
                     {
                       "Ref": "AWS::Region"
                     },
-                    "account"
+                    "repositoryAccount"
                   ]
                 },
                 ".dkr.ecr.",
@@ -214,65 +214,65 @@
   },
   "Mappings": {
     "AwsDeepLearningContainersRepositoriesAccounts": {
-      "us-east-1": {
-        "account": "763104351884"
+      "ap-east-1": {
+        "repositoryAccount": "871362719292"
       },
-      "us-east-2": {
-        "account": "763104351884"
+      "ap-northeast-1": {
+        "repositoryAccount": "763104351884"
       },
-      "us-west-1": {
-        "account": "763104351884"
+      "ap-northeast-2": {
+        "repositoryAccount": "763104351884"
       },
-      "us-west-2": {
-        "account": "763104351884"
+      "ap-south-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ca-central-1": {
-        "account": "763104351884"
+      "ap-southeast-1": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-1": {
-        "account": "763104351884"
+      "ap-southeast-2": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-2": {
-        "account": "763104351884"
+      "ca-central-1": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-3": {
-        "account": "763104351884"
+      "cn-north-1": {
+        "repositoryAccount": "727897471807"
+      },
+      "cn-northwest-1": {
+        "repositoryAccount": "727897471807"
       },
       "eu-central-1": {
-        "account": "763104351884"
+        "repositoryAccount": "763104351884"
       },
       "eu-north-1": {
-        "account": "763104351884"
-      },
-      "sa-east-1": {
-        "account": "763104351884"
+        "repositoryAccount": "763104351884"
       },
-      "ap-south-1": {
-        "account": "763104351884"
+      "eu-west-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-northeast-1": {
-        "account": "763104351884"
+      "eu-west-2": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-northeast-2": {
-        "account": "763104351884"
+      "eu-west-3": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-southeast-1": {
-        "account": "763104351884"
+      "me-south-1": {
+        "repositoryAccount": "217643126080"
       },
-      "ap-southeast-2": {
-        "account": "763104351884"
+      "sa-east-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-east-1": {
-        "account": "871362719292"
+      "us-east-1": {
+        "repositoryAccount": "763104351884"
       },
-      "me-south-1": {
-        "account": "217643126080"
+      "us-east-2": {
+        "repositoryAccount": "763104351884"
       },
-      "cn-north-1": {
-        "account": "727897471807"
+      "us-west-1": {
+        "repositoryAccount": "763104351884"
       },
-      "cn-northwest-1": {
-        "account": "727897471807"
+      "us-west-2": {
+        "repositoryAccount": "763104351884"
       }
     }
   }