From d2d62818ede9388ea9bde0d06b5c7c34dfb52732 Mon Sep 17 00:00:00 2001
From: Alexander Minges <alexander.minges@uni-due.de>
Date: Tue, 8 Jul 2025 15:33:06 +0200
Subject: [PATCH] Configure Secret Detection in `.gitlab-ci.yml`, creating this
 file if it does not already exist

---
 .gitlab-ci.yml | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 376689d..6ec2fe5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,26 +1,28 @@
-# GitLab CI/CD pipeline for doi2dataset
-# Compatible with GitLab v18.1.1
-
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/user/application_security/secret_detection/pipeline/configure
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 stages:
-  - test
-
+- test
+- secret-detection
 variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
-
 cache:
   paths:
-    - .cache/pip/
-    - .venv/
-
+  - ".cache/pip/"
+  - ".venv/"
 test:
   stage: test
   image: python:3
   before_script:
-    - python -m pip install --upgrade pip
-    - pip install -r requirements.txt
-    - pip install -r requirements-dev.txt
+  - python -m pip install --upgrade pip
+  - pip install -r requirements.txt
+  - pip install -r requirements-dev.txt
   script:
-    - pytest
+  - pytest
   artifacts:
     reports:
       junit: junit.xml
@@ -28,9 +30,13 @@ test:
         coverage_format: cobertura
         path: coverage.xml
     paths:
-      - htmlcov/
+    - htmlcov/
     expire_in: 1 week
-  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
+  coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/"
   only:
-    - branches
-    - merge_requests
+  - branches
+  - merge_requests
+secret_detection:
+  stage: secret-detection
+include:
+- template: Security/Secret-Detection.gitlab-ci.yml