add: gitleaks (#17)

.github/workflows/gitleaks.yml

@@ -0,0 +1,7 @@
+name: Gitleaks
+on:
+  pull_request:
+
+jobs:
+  gitleaks:
+    uses: notdodo/github-actions/.github/workflows/[email protected]

pulumi/__main__.py

@@ -218,20 +218,6 @@
     ),
 )
 
-bot_webhook_gw = apigatewayv2.Api(
-    f"{RESOURCES_PREFIX}-webhook",
-    protocol_type="HTTP",
-    route_key="POST /erfiume_bot",
-    target=bot_lambda.arn,
-)
-lambda_.Permission(
-    f"{RESOURCES_PREFIX}-lambda-bot-api-gateway",
-    action="lambda:InvokeFunction",
-    function=bot_lambda.arn,
-    principal="apigateway.amazonaws.com",
-    source_arn=bot_webhook_gw.execution_arn.apply(lambda arn: f"{arn}/*/*"),
-)
-
 cloudwatch.LogGroup(
     f"{RESOURCES_PREFIX}-fetcher",
     log_group_class="STANDARD",
@@ -246,6 +232,20 @@
 )
 
 if pulumi.get_stack() == "production":
+    bot_webhook_gw = apigatewayv2.Api(
+        f"{RESOURCES_PREFIX}-webhook",
+        protocol_type="HTTP",
+        route_key="POST /erfiume_bot",
+        target=bot_lambda.arn,
+    )
+    lambda_.Permission(
+        f"{RESOURCES_PREFIX}-lambda-bot-api-gateway",
+        action="lambda:InvokeFunction",
+        function=bot_lambda.arn,
+        principal="apigateway.amazonaws.com",
+        source_arn=bot_webhook_gw.execution_arn.apply(lambda arn: f"{arn}/*/*"),
+    )
+
     Webhook(
         f"{RESOURCES_PREFIX}-apigateway-registration",
         token=pulumi.Config().require_secret("telegram-bot-token"),

pulumi/docker-compose.yaml

@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   localstack:
     container_name: "${LOCALSTACK_DOCKER_NAME:-localstack-main}"
@@ -8,9 +6,8 @@ services:
       - "127.0.0.1:4566:4566" # LocalStack Gateway
       - "127.0.0.1:4510-4559:4510-4559" # external services port range
     environment:
-      - SERVICE="dynamodb"
       - EAGER_SERVICE_LOADING=1
-      - DEBUG=${DEBUG:-0}
+      - DEBUG=${DEBUG:-1}
       - PERSISTENCE=${PERSISTENCE:-0}
       - DOCKER_HOST=unix:///var/run/docker.sock
     volumes: