chore: secret scan in CodeBuild test (aws#9657)

As it turns out, our secret scan was flagging the 'account'
part of the mapping generated for the AWS Deep Learning Containers image repositories.
Turn them into 'repositoryAccount' instead to silence the scanner.

Also, actually enable the scanner to run correctly for PR builds as well.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: skinny85

git-secrets-scan.sh

@@ -21,10 +21,10 @@ mkdir -p .tools
 git rev-parse --git-dir > /dev/null 2>&1 || {
     git init --quiet
     git add -A .
-
-    # AWS config needs to be added to this fresh repository's config
-    .tools/git-secrets/git-secrets --register-aws
 }
 
+# AWS config needs to be added to this repository's config
+.tools/git-secrets/git-secrets --register-aws
+
 .tools/git-secrets/git-secrets --scan
 echo "git-secrets scan ok"

packages/@aws-cdk/aws-codebuild/lib/linux-gpu-build-image.ts

@@ -95,7 +95,7 @@ export class LinuxGpuBuildImage implements IBindableBuildImage {
   private readonly accountExpression: string;
 
   private constructor(private readonly repositoryName: string, tag: string, private readonly account: string | undefined) {
-    this.accountExpression = account ?? core.Fn.findInMap(mappingName, core.Aws.REGION, 'account');
+    this.accountExpression = account ?? core.Fn.findInMap(mappingName, core.Aws.REGION, 'repositoryAccount');
     this.imageId = `${this.accountExpression}.dkr.ecr.${core.Aws.REGION}.${core.Aws.URL_SUFFIX}/${repositoryName}:${tag}`;
   }
 
@@ -109,7 +109,7 @@ export class LinuxGpuBuildImage implements IBindableBuildImage {
         // get the accounts from the region-info module
         const region2Accounts = RegionInfo.regionMap(FactName.DLC_REPOSITORY_ACCOUNT);
         for (const [region, account] of Object.entries(region2Accounts)) {
-          mapping[region] = { account };
+          mapping[region] = { repositoryAccount: account };
         }
         new core.CfnMapping(scopeStack, mappingName, { mapping });
       }

packages/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json

@@ -138,7 +138,7 @@
                         {
                           "Ref": "AWS::Region"
                         },
-                        "account"
+                        "repositoryAccount"
                       ]
                     },
                     ":repository/mxnet-training"
@@ -180,7 +180,7 @@
                     {
                       "Ref": "AWS::Region"
                     },
-                    "account"
+                    "repositoryAccount"
                   ]
                 },
                 ".dkr.ecr.",
@@ -214,65 +214,65 @@
   },
   "Mappings": {
     "AwsDeepLearningContainersRepositoriesAccounts": {
-      "us-east-1": {
-        "account": "763104351884"
+      "ap-east-1": {
+        "repositoryAccount": "871362719292"
       },
-      "us-east-2": {
-        "account": "763104351884"
+      "ap-northeast-1": {
+        "repositoryAccount": "763104351884"
       },
-      "us-west-1": {
-        "account": "763104351884"
+      "ap-northeast-2": {
+        "repositoryAccount": "763104351884"
       },
-      "us-west-2": {
-        "account": "763104351884"
+      "ap-south-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ca-central-1": {
-        "account": "763104351884"
+      "ap-southeast-1": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-1": {
-        "account": "763104351884"
+      "ap-southeast-2": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-2": {
-        "account": "763104351884"
+      "ca-central-1": {
+        "repositoryAccount": "763104351884"
       },
-      "eu-west-3": {
-        "account": "763104351884"
+      "cn-north-1": {
+        "repositoryAccount": "727897471807"
+      },
+      "cn-northwest-1": {
+        "repositoryAccount": "727897471807"
       },
       "eu-central-1": {
-        "account": "763104351884"
+        "repositoryAccount": "763104351884"
       },
       "eu-north-1": {
-        "account": "763104351884"
-      },
-      "sa-east-1": {
-        "account": "763104351884"
+        "repositoryAccount": "763104351884"
       },
-      "ap-south-1": {
-        "account": "763104351884"
+      "eu-west-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-northeast-1": {
-        "account": "763104351884"
+      "eu-west-2": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-northeast-2": {
-        "account": "763104351884"
+      "eu-west-3": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-southeast-1": {
-        "account": "763104351884"
+      "me-south-1": {
+        "repositoryAccount": "217643126080"
       },
-      "ap-southeast-2": {
-        "account": "763104351884"
+      "sa-east-1": {
+        "repositoryAccount": "763104351884"
       },
-      "ap-east-1": {
-        "account": "871362719292"
+      "us-east-1": {
+        "repositoryAccount": "763104351884"
       },
-      "me-south-1": {
-        "account": "217643126080"
+      "us-east-2": {
+        "repositoryAccount": "763104351884"
       },
-      "cn-north-1": {
-        "account": "727897471807"
+      "us-west-1": {
+        "repositoryAccount": "763104351884"
       },
-      "cn-northwest-1": {
-        "account": "727897471807"
+      "us-west-2": {
+        "repositoryAccount": "763104351884"
       }
     }
   }