Enable detect secrets in SPS build pipelines (#1201)

* Add .secrets.baseline file to track sensitive info detection results

Signed-off-by: Sophie Shen <syc_libra@live.cn>

* Enable detect-secrets step in CI and PR pipelines

Signed-off-by: Sophie Shen <syc_libra@live.cn>

* Rename PPC pipeline to PPC64LE and update dependencies in multiarch checks

Signed-off-by: Sophie Shen <syc_libra@live.cn>

* Remove unnecessary binfmt installation step from prepare-buildx target

Signed-off-by: Sophie Shen <syc_libra@live.cn>

---------

Signed-off-by: Sophie Shen <syc_libra@live.cn>

Author: YCShen1010

.pipeline-config-ci.yaml

@@ -10,7 +10,7 @@ tasks:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
       - name: compliance-checks

.pipeline-config-pr.yaml

@@ -10,7 +10,7 @@ tasks:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
       - name: unit-test
@@ -42,7 +42,7 @@ tasks:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
       - name: unit-test
@@ -74,7 +74,7 @@ tasks:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
       - name: unit-test
@@ -106,7 +106,7 @@ tasks:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
       - name: unit-test
@@ -135,7 +135,7 @@ tasks:
       - name: compliance-checks
         when: 'false'
 
-  pr-code-checks-ppc:
+  pr-code-checks-ppc64le:
     from: pr-code-checks
     runtimeClassName: x86-xlarge
     include:
@@ -212,15 +212,15 @@ tasks:
     runtimeClassName: x86-xlarge
     runAfter: 
       - pr-code-checks-amd64
-      - pr-code-checks-ppc
+      - pr-code-checks-ppc64le
       - pr-code-checks-s390
     include:
       - dind
     steps:
       - name: checks-setup
         when: 'false'
       - name: detect-secrets
-        when: 'false'
+        when: 'true'
         include:
           - docker-socket
           - dind

.secrets.baseline

@@ -0,0 +1,326 @@
+{
+  "exclude": {
+    "files": "go.sum|go.mod|^.secrets.baseline$",
+    "lines": null
+  },
+  "generated_at": "2025-11-03T14:28:59Z",
+  "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "results": {
+    "bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml": [
+      {
+        "hashed_secret": "99ddc8a6c519da3e597f5e1d5b82bca2ccdd29d8",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 22,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "aaed328dd083d0c3af645661c0d9b5f535a46606",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 464,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b84353fa45588dbbf500039556637290ef292611",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 521,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "common/Makefile.common.mk": [
+      {
+        "hashed_secret": "1c9b29b40c7759ef4666dff4065908278fa4c837",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 32,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "config/e2e/manager/manager.yaml": [
+      {
+        "hashed_secret": "b9274fd20e965ade322fd1b50fff623eabaa1c3b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 30,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      }
+    ],
+    "config/manager/manager.yaml": [
+      {
+        "hashed_secret": "b9274fd20e965ade322fd1b50fff623eabaa1c3b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 32,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      }
+    ],
+    "config/manifests/bases/operand-deployment-lifecycle-manager.clusterserviceversion.yaml": [
+      {
+        "hashed_secret": "aaed328dd083d0c3af645661c0d9b5f535a46606",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 353,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b84353fa45588dbbf500039556637290ef292611",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 410,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "config/samples/operator_v1alpha1_operandbindinfo.yaml": [
+      {
+        "hashed_secret": "99ddc8a6c519da3e597f5e1d5b82bca2ccdd29d8",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 12,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "controllers/operandbindinfo/operandbindinfo_controller.go": [
+      {
+        "hashed_secret": "0505ee303edffbbcb314426728ca74ac30ad2e71",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 312,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "controllers/operator/manager.go": [
+      {
+        "hashed_secret": "0505ee303edffbbcb314426728ca74ac30ad2e71",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 1381,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "controllers/operator/manager_test.go": [
+      {
+        "hashed_secret": "fe966f3c91f0d86db520cebd70fad20d31e64396",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 1267,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "controllers/testutil/test_util.go": [
+      {
+        "hashed_secret": "3982c799d1c4f3ae3190ad4e09248585c651a946",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 243,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "08175ec631c367891f55c615fb8d710a1001362b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 336,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "00cafd126182e8a9e7c01bb2f0dfd00496be724f",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 361,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "c636e8e238fd7af97e2e500f8c6f0f4c0bedafb0",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 365,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "418ee516f1cb095c50ff2f10a76192889c281f3a",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 369,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "docs/design/operand-deployment-lifecycle-manager.md": [
+      {
+        "hashed_secret": "0522bf47d33ac469d10e000b5f9f3a761f7e9d0a",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 272,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "aaed328dd083d0c3af645661c0d9b5f535a46606",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 517,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b84353fa45588dbbf500039556637290ef292611",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 575,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "docs/user/how-to-use-operandBindInfo.md": [
+      {
+        "hashed_secret": "aa891d4e101044bdd59c2b7ce36a2eb8f3b16793",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 73,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "helm-cluster-scoped/values.yaml": [
+      {
+        "hashed_secret": "da5743b16ccee188d5e5c28cea321ce7a041f4cb",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 2,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "helm/templates/operator-deployment.yaml": [
+      {
+        "hashed_secret": "99ddc8a6c519da3e597f5e1d5b82bca2ccdd29d8",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 47,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "helm/values.yaml": [
+      {
+        "hashed_secret": "da5743b16ccee188d5e5c28cea321ce7a041f4cb",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 2,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/e2e/helpers_test.go": [
+      {
+        "hashed_secret": "41b89c91ee19ba61572168ab6baba46185084957",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 683,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "99ddc8a6c519da3e597f5e1d5b82bca2ccdd29d8",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 827,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ]
+  },
+  "version": "0.13.1+ibm.64.dss",
+  "word_list": {
+    "file": null,
+    "hash": null
+  }
+}