diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml new file mode 100644 index 0000000..4c302d2 --- /dev/null +++ b/.github/workflows/testing.yml @@ -0,0 +1,24 @@ +name: Tests + +on: + push: + pull_request: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install dependencies + run: npm install + + - name: Check + run: npm run check + + - name: Lint + run: npm run lint + + - name: Build + run: npm run build diff --git a/Git_GitHub_How_To.md b/Git_GitHub_How_To.md index 6f4f1fc..2dea8e8 100644 --- a/Git_GitHub_How_To.md +++ b/Git_GitHub_How_To.md @@ -20,12 +20,12 @@ Here you will find the following information: Links to two visual user interface applications: - [GitHub Desktop](#github-desktop-app) - Very basic easy to use user interface built by GitHub. - Can through errors since it does not provide good support for repositories with GitHub submodules as of 2022-02-21. + Very basic easy to use user interface built by GitHub. + Can through errors since it does not provide good support for repositories with GitHub submodules as of 2022-02-21. - [GitKraken](#gitkraken-desktop-app) - Complete solution with all bells and whistles, from GPG, SSH key creation, to in app pull requests, etc. Comes in three versions: Free, Pro, Enterprise. - The Free versions works with public online or locally hosted repositories. + Complete solution with all bells and whistles, from GPG, SSH key creation, to in app pull requests, etc. Comes in three versions: Free, Pro, Enterprise. + The Free versions works with public online or locally hosted repositories. ## Git 
@@ -35,7 +35,7 @@ Links to two visual user interface applications: Wikipedia.org Definition: ->"Git (/ɡɪt/) is software for tracking changes in any set of files, usually used for coordinating work among programmers collaboratively developing source code during software development. Its goals include speed, data integrity, and support for distributed, non-linear workflows (thousands of parallel branches running on different systems)." +> "Git (/ɡɪt/) is software for tracking changes in any set of files, usually used for coordinating work among programmers collaboratively developing source code during software development. Its goals include speed, data integrity, and support for distributed, non-linear workflows (thousands of parallel branches running on different systems)." Essentially it is a software that helps track and coordinate software development among developers. @@ -48,7 +48,7 @@ Here are some good videos that explain the what and how of Git: #### Cloning Repositories ->git clone +> git clone In order to get the git repository ssh url you have to go to the repository, and select the green "Code" button, and here choose the "ssh" tab to then copy the url as shown in the following image: @@ -56,9 +56,9 @@ In order to get the git repository ssh url you have to go to the repository, and You have to click on "Code" and then select "SSH" and copy the address which whould look something similar to this: ->git@github.com:Nautilus-Cyberneering/chinese-ideographs-website.git +> git@github.com:Nautilus-Cyberneering/chinese-ideographs-website.git -**Important Note: +\*\*Important Note: Before doing this step you might have to set up your git installation with OPENSSH. If you are running Windows you will have to activate the OPENSSH service and then generate a new SSH-Key for yourself and copy it into your GitHub profile security settings to do so here are some useful links: 
@@ -83,9 +83,9 @@ More on the "git clone": git branch -a - Note: A good habit is to update your remote repositories information to make sure that you see all the remote repositories. You can do this using the following command: + Note: A good habit is to update your remote repositories information to make sure that you see all the remote repositories. You can do this using the following command: - git fetch + git fetch #### Switching Branches @@ -95,7 +95,7 @@ More on the "git clone": - Remote - git checkout + git checkout #### Deleting diff --git a/README.md b/README.md index ea4a8d7..f05f450 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,6 @@ # 🚨 Secure Git Guide 🚨 -![Index header](./media/HEADER/SGG-IndexHeader-1600x500.jpg) - -[![MegaLinter](https://github.com/Nautilus-Cyberneering/GPG-Bootcamp/actions/workflows/mega-linter.yml/badge.svg)](https://github.com/Nautilus-Cyberneering/GPG-Bootcamp/actions/workflows/mega-linter.yml) -![Open Source](https://badgen.net/badge/Open%20Source/100%25/DA2CE7) -![Cool](https://badgen.net/badge/Cool/100%25/FF7F50) +[![Deploy to GitHub Pages](https://github.com/nautilus-cyberneering/secure-git-guide/actions/workflows/deploy.yml/badge.svg)](https://github.com/nautilus-cyberneering/secure-git-guide/actions/workflows/deploy.yml) [![Testing](https://github.com/nautilus-cyberneering/secure-git-guide/actions/workflows/testing.yml/badge.svg)](https://github.com/nautilus-cyberneering/secure-git-guide/actions/workflows/testing.yml) ## Repository Description diff --git a/src/app.css b/src/app.css index 7095956..a4ad15a 100644 --- a/src/app.css +++ b/src/app.css @@ -29,11 +29,11 @@ html { --border-light: var(--gray-4); } -a:hover{ +a:hover { color: #62629d; } -a:visited{ +a:visited { color: #6464e2; } @@ -84,10 +84,10 @@ a:visited{ .contact, .contact-text h3, .contribute-main-heading, - .contribute-list-heading{ + .contribute-list-heading { color: #000; } - .post a{ + .post a { color: #fff; } } 
@@ -122,7 +122,7 @@ img { border-radius: var(--radius-3); } -hr{ +hr { margin-block: 1rem; } @@ -156,7 +156,7 @@ li { color: var(--text-1); } -.prose :is(pre){ +.prose :is(pre) { background-color: black; display: block; position: relative; @@ -169,22 +169,22 @@ li { padding: 30px 15px; margin: 30px 0; - overflow-x: auto; - scrollbar-color: var(--color--primary) var(--color--primary-tint); - scrollbar-width: thin; - padding-bottom: 5px; + overflow-x: auto; + scrollbar-color: var(--color--primary) var(--color--primary-tint); + scrollbar-width: thin; + padding-bottom: 5px; - &::-webkit-scrollbar { - height: 8px; - } - &::-webkit-scrollbar-thumb { - background: #fff; - &:hover { - background: var(--color--primary-shade); - } + &::-webkit-scrollbar { + height: 8px; + } + &::-webkit-scrollbar-thumb { + background: #fff; + &:hover { + background: var(--color--primary-shade); } + } } -.prose :is(p){ - margin-block: .8rem; -} \ No newline at end of file +.prose :is(p) { + margin-block: 0.8rem; +} diff --git a/src/app.html b/src/app.html index 00c21f8..812e673 100644 --- a/src/app.html +++ b/src/app.html @@ -6,9 +6,11 @@ %sveltekit.head% diff --git a/src/lib/config.ts b/src/lib/config.ts index 4ba502c..677398a 100644 --- a/src/lib/config.ts +++ b/src/lib/config.ts @@ -1,5 +1,5 @@ -import {dev} from '$app/environment' +import { dev } from '$app/environment'; -export const title = 'Secure Git Guide' -export const description = 'SvelteKit' -export const url = dev ? 'http://127.0.0.1:5173/' : 'url' \ No newline at end of file +export const title = 'Secure Git Guide'; +export const description = 'SvelteKit'; +export const url = dev ? 'http://127.0.0.1:5173/' : 'url'; diff --git a/src/lib/theme.ts b/src/lib/theme.ts index b4ca6d8..ecafa7e 100644 --- a/src/lib/theme.ts +++ b/src/lib/theme.ts 
@@ -1,23 +1,23 @@ -import {writable} from 'svelte/store' -import {browser} from '$app/environment' +import { writable } from 'svelte/store'; +import { browser } from '$app/environment'; -type Theme = 'light' | 'dark' +type Theme = 'light' | 'dark'; -const userTheme = browser && localStorage.getItem('color-scheme') +const userTheme = browser && localStorage.getItem('color-scheme'); -export const theme = writable(userTheme ?? 'dark') +export const theme = writable(userTheme ?? 'dark'); -export function toggleTheme(){ - theme.update((currentTheme) => { - const newTheme = currentTheme === 'dark' ? 'light' : 'dark' +export function toggleTheme() { + theme.update((currentTheme) => { + const newTheme = currentTheme === 'dark' ? 'light' : 'dark'; - document.documentElement.setAttribute('color-scheme', newTheme) - localStorage.setItem('color-scheme', newTheme) + document.documentElement.setAttribute('color-scheme', newTheme); + localStorage.setItem('color-scheme', newTheme); - return newTheme - }) + return newTheme; + }); } -export function setTheme(newTheme: Theme){ - theme.set(newTheme) -} \ No newline at end of file +export function setTheme(newTheme: Theme) { + theme.set(newTheme); +} diff --git a/src/lib/types.ts b/src/lib/types.ts index 591792e..31f0ee0 100644 --- a/src/lib/types.ts +++ b/src/lib/types.ts @@ -1,10 +1,10 @@ -export type Categories = 'sveltekit' | 'svelte' +export type Categories = 'sveltekit' | 'svelte'; export type Post = { - title: string - slug: string - description: string - date: string - categories: Categories[] - published: boolean -} \ No newline at end of file + title: string; + slug: string; + description: string; + date: string; + categories: Categories[]; + published: boolean; +}; diff --git a/src/lib/utils.ts b/src/lib/utils.ts index 89a5a39..5a2d548 100644 --- a/src/lib/utils.ts +++ b/src/lib/utils.ts 
@@ -1,6 +1,6 @@ -type DateStyle = Intl.DateTimeFormatOptions['dateStyle'] +type DateStyle = Intl.DateTimeFormatOptions['dateStyle']; export function formatDate(date: string, dateStyle: DateStyle = 'medium', locales = 'en') { - const formatter = new Intl.DateTimeFormat(locales, { dateStyle }) - return formatter.format(new Date(date)) -} \ No newline at end of file + const formatter = new Intl.DateTimeFormat(locales, { dateStyle }); + return formatter.format(new Date(date)); +} diff --git a/src/posts/001_GPG-What-is-GPG.md b/src/posts/001_GPG-What-is-GPG.md index 0d43487..8f01aac 100644 --- a/src/posts/001_GPG-What-is-GPG.md +++ b/src/posts/001_GPG-What-is-GPG.md @@ -50,5 +50,5 @@ More recent releases of GnuPG 2.x ("modern" and the now deprecated "stable" seri --- Note: Source [WIKIPEDIA](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) - + [Back to home](/) diff --git a/src/posts/002_GPG-Why-we-use-GPG.md b/src/posts/002_GPG-Why-we-use-GPG.md index e7cd8d8..1f266f5 100644 --- a/src/posts/002_GPG-Why-we-use-GPG.md +++ b/src/posts/002_GPG-Why-we-use-GPG.md 
@@ -25,17 +25,17 @@ It is the preferred option by our team members. For authentication, certification and signing the receiving end can verify that the content is from you, having your public key. On the other hand, if the other party wants to send you something only for you, they will use your public encryption key in combination with their own private key to sign and certify the content. Such content can only be decrypted using your own private key, and by having their public key you will know that it is from them. -***First advantage:*** +**_First advantage:_** If someone sends to you something encrypted, meant only for you, you will be the only one capable of decrypting it. ->"All right but why now, so many keys?" +> "All right but why now, so many keys?" Essentially there is one primary key, which is typically used only for signing and certification, and a subkey signed by the primary key for encryption. However, you can have one for each of the usages if you wanted. -***Second advantage:*** +**_Second advantage:_** - Each subkey when used is transmitted at the same time, but if compromised it can be revoked individually and a new key generated while keeping your primary key valid. It makes it easier to manage your keys and split them for the different purposes you want to use them. +Each subkey when used is transmitted at the same time, but if compromised it can be revoked individually and a new key generated while keeping your primary key valid. It makes it easier to manage your keys and split them for the different purposes you want to use them. ### Disadvantage 
@@ -43,4 +43,4 @@ If your primary key is compromised or you lose it, your security has been breach Nevertheless, for this situation there exists the **revocation certificate** which is created from the start at the same time that you create your keys for the first time or at any given time for the individual keys you want to revoke. With this certificate you would have to go to the before mentioned GPG key servers and upload it, to publicly revoke the affected key or keys. -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md b/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md index 05e1565..c35b9c4 100644 --- a/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md +++ b/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md @@ -12,9 +12,9 @@ published: true The steps to install GPG on your computer are the following: 1. Download the necessary software for your Operating System at: - - [Windows](https://gpg4win.org/download.html) - - [Linux - Installed through terminal](https://linuxhint.com/gpg-command-ubuntu/) - - [Mac OS](https://sourceforge.net/p/gpgosx/docu/Download/) + - [Windows](https://gpg4win.org/download.html) + - [Linux - Installed through terminal](https://linuxhint.com/gpg-command-ubuntu/) + - [Mac OS](https://sourceforge.net/p/gpgosx/docu/Download/) ## GPG4Win Kleopatra @@ -74,6 +74,7 @@ Here is a series of screenshots of the process using the Kleopatra application f ### Creating a Revocation Certificate --- + (1) ![012](docs/media/003/KLEO_CREATE_012.png) @@ -106,12 +107,14 @@ In order to generate your new keys you have two options: ### Default Setup --- + Open the command line as an admin and type:
     terminal
     gpg --gen-keys
 
+ (1) ![cli001](docs/media/003/CLI_CREATE_001.png) @@ -215,4 +218,4 @@ Open the command line as an admin and type: ![cliFgk012](docs/media/003/CLI_CREATE_fgk_012.png) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md b/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md index c27d5f8..106ef5a 100644 --- a/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md +++ b/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md @@ -12,4 +12,4 @@ In order to use the GPG Keys Github and GIT develop two easy to follow guideline - Git - - GitHub - -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/005_GPG-Best-Practices.md b/src/posts/005_GPG-Best-Practices.md index 18b30e9..0550fd2 100644 --- a/src/posts/005_GPG-Best-Practices.md +++ b/src/posts/005_GPG-Best-Practices.md @@ -25,7 +25,7 @@ This basis structure was chosen upon the thought that the keys used for Encrypti However, in many cases this is not what the user would want if given the choice. -### Why is this not optimal? +### Why is this not optimal? The default set-up leaves still some space for improvement. This is because it does not take advantage of the possibility to create individual sub-keys for each capability. @@ -42,6 +42,7 @@ If you do not do this, you probably will end up someday with your primary key co ### How to create further sub-keys --- + ![IMAGE](https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg) In order to create additional sub-keys, you need to use the GPG command-line interface. 
@@ -52,23 +53,23 @@ I base the following summary of steps in the command line interface on his work. 1. Type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 2. In the list you get an overview of all the primary key and its existing sub-keys. You will copy the second line of your public key made up of 10 pairs of 4 numbers and or letters. 3. Using the noted public key type: - ```terminal - gpg --edit-key - ``` + ```terminal + gpg --edit-key + ``` 4. You will get a display of their associated private key and a new prompt so type: - ```terminal - addkey - ``` + ```terminal + addkey + ``` 5. Select your applicable key, most likely option **(4) RSA (sign only)** @@ -80,30 +81,31 @@ I base the following summary of steps in the command line interface on his work. 9. To see the equivalent public keys for export type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 10. You should now see the new sub-key and the changed primary key rights. ### Removing primary key rights --- + The last step to finish this is to remove all capabilities except the "certify" capability from the primary key. For this, you will continue using the command line but using the "expert" mode. 1. Type: - ```terminal - gpg --expert --edit-key - ``` + ```terminal + gpg --expert --edit-key + ``` 2. You will get an overview of the primary key's rights. 3. Type: - ```terminal - change-usage - ``` + ```terminal + change-usage + ``` 4. Use the toggle option taking away the rights for which you already have created the new sub-key. 
@@ -113,22 +115,23 @@ The last step to finish this is to remove all capabilities except the "certify" 7. Type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 8. You will see the new public key rights where you should only see the "c" option for certify at the "pub" key. ### Configuring Git with your new key --- + In order to set up your new key for signing your commits you have to follow these steps: 1. In the command prompt type: - ```terminal - git config --global --edit - ``` + ```terminal + git config --global --edit + ``` 2. This will open the git config file in your default editor. In my case it opens it in Visual Code. 
@@ -141,21 +144,25 @@ In order to set up your new key for signing your commits you have to follow thes ### Always use a Passphrase :exclamation --- + When creating the set of keys you are asked for a passphrase. Set it and remember it or even better write it down somewhere. This is another safety measure but it is essential. ### Backing up Your Revocation Certificate :exclamation --- + **_Make sure that you keep a backup of your revocation certificate or that you print it out and store it somewhere safe in case that you were to have to use it._** ### Rotating Your Encryption Keys :exclamation --- + This being one of the most used capabilities. It is recommended that you rotate these keys to prevent anyone to have access to any of your encrypted information, creating for example new keys in events such as computer change, etc. It is important though to back these up in the event that you were to have files encrypted with these. ### Setting an Expiration Date :exclamation --- + Another good idea is to set an expiration date not too far in the future in case that you were to not be able to revoke your certificate due to having lost your revocation certificate. -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md b/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md index 96a7efe..055e668 100644 --- a/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md +++ b/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md @@ -46,7 +46,7 @@ sub rsa4096 2021-11-19 [E] The meaning for the letters inside brackets are the [GPG key capabilities](https://github.com/gpg/gnupg/blob/master/doc/DETAILS#field-12---key-capabilities): | Character | Capability | -|-----------|----------------| +| --------- | -------------- | | S | Sign | | C | Certify | | E | Encrypt | 
@@ -64,10 +64,10 @@ There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E [ultimate] (1). A committer gpg> addkey @@ -87,7 +87,7 @@ Please specify how long the key should be valid. w = key expires in n weeks m = key expires in n months y = key expires in n years -Key is valid for? (0) +Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y Really create? (y/N) y @@ -97,12 +97,12 @@ disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> save 
@@ -144,19 +144,19 @@ There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> change-usage Changing usage of the primary key. -Possible actions for a RSA key: Sign Certify Encrypt Authenticate -Current allowed actions: Sign Certify +Possible actions for a RSA key: Sign Certify Encrypt Authenticate +Current allowed actions: Sign Certify (S) Toggle the sign capability (E) Toggle the encrypt capability @@ -165,8 +165,8 @@ Current allowed actions: Sign Certify Your selection? S -Possible actions for a RSA key: Sign Certify Encrypt Authenticate -Current allowed actions: Certify +Possible actions for a RSA key: Sign Certify Encrypt Authenticate +Current allowed actions: Certify (S) Toggle the sign capability (E) Toggle the encrypt capability @@ -176,12 +176,12 @@ Current allowed actions: Certify Your selection? Q sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: C + created: 2021-11-19 expires: never usage: C trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> save 
@@ -211,4 +211,4 @@ sub rsa4096 2021-11-26 [S] - [Creating a new GPG key with subkeys](https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/) - [Generating More Secure GPG Keys: Rationale](https://spin.atomicobject.com/2013/10/23/secure-gpg-keys/) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md b/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md index 5e48075..d6b188f 100644 --- a/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md +++ b/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md @@ -78,10 +78,10 @@ There is NO WARRANTY, to the extent permitted by law. Secret subkeys are available. pub rsa3072/B5B58E7CA8F56B98 - created: 2022-03-03 expires: never usage: C + created: 2022-03-03 expires: never usage: C trust: unknown validity: unknown ssb rsa3072/FC47DBB5210FB475 - created: 2022-03-03 expires: never usage: S + created: 2022-03-03 expires: never usage: S [ unknown] (1). Test User gpg> passwd gpg: key B5B58E7CA8F56B98/B5B58E7CA8F56B98: error changing passphrase: No secret key diff --git a/src/posts/009_GPG-Git-commits-partially-verified.md b/src/posts/009_GPG-Git-commits-partially-verified.md index 23247c4..aed8062 100644 --- a/src/posts/009_GPG-Git-commits-partially-verified.md +++ b/src/posts/009_GPG-Git-commits-partially-verified.md 
@@ -314,7 +314,7 @@ If we were using GPG signatures, we would have only the committer signature on e On GitHub documentation, you can read: ->"The rebase and merge behavior on GitHub deviates slightly from Git rebase. Rebase and merge on GitHub will always update the committer information and create new commit SHAs, whereas Git rebase outside of GitHub does not change the committer information when the rebase happens on top of an ancestor commit. For more information about Git rebase, see git-rebase in the Git documentation." +> "The rebase and merge behavior on GitHub deviates slightly from Git rebase. Rebase and merge on GitHub will always update the committer information and create new commit SHAs, whereas Git rebase outside of GitHub does not change the committer information when the rebase happens on top of an ancestor commit. For more information about Git rebase, see git-rebase in the Git documentation." When it is possible to merge with fast-forward, Git will not change the original committer info. If you rerun the merge example using rebase with fast-forward: @@ -454,4 +454,4 @@ When you use signed commits: - Git docs: [Git signature format](https://git-scm.com/docs/signature-format) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/010_How-to-remove-commits-by-commit-message.md b/src/posts/010_How-to-remove-commits-by-commit-message.md index e487c5d..49071cf 100644 --- a/src/posts/010_How-to-remove-commits-by-commit-message.md +++ b/src/posts/010_How-to-remove-commits-by-commit-message.md 
@@ -51,24 +51,24 @@ Reposurgeon has two modes: interactive and non-interactive. If you execute repos ```s $ reposurgeon reposurgeon% help -6. The Command Interpreter +6. The Command Interpreter 1. Command syntax syntax* 2. Finding your way around help, history, shell, quit 3. Regular Expressions regexp* 4. Selection syntax selection*, functions* 5. Redirection and shell-like features redirection* -7. Import and Export +7. Import and Export 1. Reading and writing repositories read, write 2. Repository type preference prefer, sourcetype 3. Rebuilds in place rebuild 5. File preservation preserve, unpreserve 6. Incorporating release tarballs incorporate 7. The repository list choose, drop, rename -8. Information and reports +8. Information and reports 1. Reports on the DAG list, index, names, stamp, tags, inspect, graph, lint, when 2. Statistics stats, count, sizes 3. Examining tree states manifest, checkout, diff -9. Surgical Operations +9. Surgical Operations 1. Commit deletion squash, delete 2. Commit mutation merge, unmerge, reparent, split, add, remove, tagify, reorder 3. Branches branch, branchlift, debranch 
@@ -78,26 +78,26 @@ reposurgeon% help 7. Path reports and modifications path, setperm 8. Timequakes and time offsets timequake, timeoffset 9. Miscellanea renumber, transcode -10. Artifact handling +10. Artifact handling 1. Attributions authors 2. Ignore patterns ignores 3. Reference lifting references, legacy 4. Changelogs changelogs 5. Clique coalescence coalesce 11. Control Options options*, set, clear -12. Scripting and debugging support +12. Scripting and debugging support 1. Variables, macros, and scripts assign, unassign, define, do, undefine, script, print 2. Housekeeping gc 3. Diagnostics log, logfile 4. Debugging resolve, version, hash, sizeof, strip 5. Profiling elapsed, timing, readlimit, memory, profile, exit -Starred topics are not commands. -reposurgeon% +Starred topics are not commands. +reposurgeon% ``` You can also create your own script and execute is later. The simplest think you can do is: -```s +````s reposurgeon "read ." lint ```s @@ -122,7 +122,7 @@ Let's first create an empty repo: mkdir /tmp/remove-commits-example cd /tmp/remove-commits-example git init -``` +```` Now we can add some commits. In order to simplify the example the commits we want to delete start with the prefix `drop`. 
@@ -166,9 +166,9 @@ reposurgeon "script remove-commits.rs" All the lines are self-explaining except maybe for the commit deletion one: `/drop/c delete`. -The deletion command format is: `{SELECTION} delete` where [SELECTION](http://www.catb.org/~esr/reposurgeon/repository-editing.html#selections) defines what you want to delete. That is very common for reposurgeon commands. The selection argument allows you to define which internal objects you want to act on. There are different types of selections. One of them it a "text search" which is a regular expression. +The deletion command format is: `{SELECTION} delete` where [SELECTION](http://www.catb.org/~esr/reposurgeon/repository-editing.html#selections) defines what you want to delete. That is very common for reposurgeon commands. The selection argument allows you to define which internal objects you want to act on. There are different types of selections. One of them it a "text search" which is a regular expression. ->A text search normally matches against the comment fields of commits and annotated tags, or against their author/committer names, or against the names of tags; also the text of passthrough objects. +> A text search normally matches against the comment fields of commits and annotated tags, or against their author/committer names, or against the names of tags; also the text of passthrough objects. In our case the selection `/drop/` means that we want to search for all objects containing the word `drop`. @@ -190,4 +190,4 @@ Another side effect you might have is losing the commit signature. - [reposurgeon](http://www.catb.org/~esr/reposurgeon/) - [reposurgeon - commit deletion](http://www.catb.org/~esr/reposurgeon/repository-editing.html#deletion) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md b/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md index b03fcdd..0bc0748 100644 
--- a/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md +++ b/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md @@ -25,18 +25,18 @@ Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Jun 7 00:35:52 2022 +0000 build(deps): bump actions/setup-node from 3.2.0 to 3.3.0 - + Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.2.0...v3.3.0) - + --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... - + Signed-off-by: dependabot[bot] ``` @@ -66,7 +66,8 @@ Date: Tue Jun 7 00:35:52 2022 +0000 ... ``` -This time you see this message: +This time you see this message: + ```s gpg - Good signature from "GitHub (web-flow commit signing) ... ``` @@ -81,13 +82,13 @@ There is NO WARRANTY, to the extent permitted by law. pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: unknown validity: unknown [ unknown] (1). GitHub (web-flow commit signing) gpg> trust pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: unknown validity: unknown [ unknown] (1). GitHub (web-flow commit signing) @@ -105,7 +106,7 @@ Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: ultimate validity: unknown [ unknown] (1). GitHub (web-flow commit signing) Please note that the shown key validity is not necessarily correct 
@@ -134,4 +135,4 @@ If you want to know more [about validating other keys on your public keyring](ht - [Validating other keys on your public keyring](https://www.gnupg.org/gph/en/manual/x334.html) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/012_How-github-actions-can-get-access-to-secrets.md b/src/posts/012_How-github-actions-can-get-access-to-secrets.md index 17626bb..0f18ad6 100644 --- a/src/posts/012_How-github-actions-can-get-access-to-secrets.md +++ b/src/posts/012_How-github-actions-can-get-access-to-secrets.md @@ -36,10 +36,10 @@ As far as we know that's only possible because the action can also get a secret For example, in the GitHub [actions/checkout@v2](https://github.com/actions/checkout) action, you can pass the token as an implicit input, but if you do not pass it, the actions will take it from the context and set it as a default value. You can see how the [default value is taken from the context](https://github.com/actions/checkout/blob/2541b1294d2704b0964813337f33b291d3f8596b/action.yml#L24). ```yml - token: - description: > - ... - default: ${{ github.token }} +token: + description: > + ... + default: ${{ github.token }} ``` That is something not well documented. You can use contexts not only in the workflow `yml` files but also in the `action.yml` files. 
@@ -279,7 +279,7 @@ The documentation says the secrets are deleted from memory when the job is done. > Although GitHub Actions scrubs secrets from memory that are not referenced in the workflow (or an included action), the GITHUB_TOKEN and any referenced secrets can be harvested by a determined attacker. -*It's best to assume that a malicious action has access to any secrets or information that the runner has for that a job - regardless of if the secrets are on disk or in memory. Actions are not sandboxed within a workflow job, the security boundary is only between jobs/runs.* +_It's best to assume that a malicious action has access to any secrets or information that the runner has for that a job - regardless of if the secrets are on disk or in memory. Actions are not sandboxed within a workflow job, the security boundary is only between jobs/runs._ See [accessing secrets](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#accessing-secrets). @@ -293,4 +293,4 @@ See [accessing secrets](https://docs.github.com/en/actions/security-guides/secur Thank to [Constantin Bosse](https://github.com/cgbosse) and [Stephen Hosom](https://github.com/hosom) who carefully review the [original version of this article](https://github.com/Nautilus-Cyberneering/github-actions-secrets/pull/4). -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md b/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md index 41cb4de..e20187d 100644 --- a/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md +++ b/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md @@ -181,4 +181,4 @@ Thank to [Constantin Bosse](https://github.com/cgbosse) and [Stephen Hosom](http > > [Nicolas Vuillamy](https://github.com/nvuillam) -[Back to home](/) \ No newline at end of file +[Back to home](/) 
diff --git a/src/posts/014_How-to-use-Git-as-a-database.md b/src/posts/014_How-to-use-Git-as-a-database.md index 97a9ee3..ebff01e 100644 --- a/src/posts/014_How-to-use-Git-as-a-database.md +++ b/src/posts/014_How-to-use-Git-as-a-database.md @@ -182,7 +182,7 @@ git commit --no-gpg-sign -m "add object-1.txt" You can get the object with: ```s -git checkout my-objects-object-1 && cat object-1.txt +git checkout my-objects-object-1 && cat object-1.txt ``` But actually the object value is accessible directly just like an standard file. All you need to do is `checkout` the reference (the branch) we are using to store the object. @@ -216,7 +216,7 @@ This model uses an orphan branch for each object. An "orphan" branch is a branch

How to solve race conditions

-We have seen two possible models to use Git to store your data as a key-value database. But does this database implementation offer you a way to handle race conditions? +We have seen two possible models to use Git to store your data as a key-value database. But does this database implementation offer you a way to handle race conditions? At some point, you are going to have two processes reading the same object and trying to update it at the same time. One of them is going to overwrite a previous value. @@ -275,10 +275,10 @@ Now we can increment the counter with the first process and `push` the new value ```s cd /tmp/my-counters-process-1 git checkout my-counters-counter-1 -echo "1" > counter-1.txt +echo "1" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 1" -echo "2" > counter-1.txt +echo "2" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 2" cat counter-1.txt @@ -325,7 +325,7 @@ You have updated the `origin` (our database) with a new value. Now, if you try t ```s cd /tmp/my-counters-process-2 git checkout my-counters-counter-1 -echo "1" > counter-1.txt +echo "1" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 1" cat counter-1.txt @@ -388,7 +388,7 @@ Fortunately, Git has a `push` option “--atomic” that does exactly that: "Eit So you could do something like: ```s -git push --atomic origin refs/heads/my-counters-counter-1 refs/heads/my-counters-counter-2 +git push --atomic origin refs/heads/my-counters-counter-1 refs/heads/my-counters-counter-2 ``` More info about Atomic pushes: @@ -423,4 +423,4 @@ More info about Atomic pushes: - [Git Pro - Chapter 5.3 - Maintaining a Project - Section Tagging Your Releases](https://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project) -[Back to home](/) \ No newline at end of file +[Back to home](/) diff --git a/src/posts/curated-resources.md b/src/posts/curated-resources.md index 3064f26..3f0efda 100644 
--- a/src/posts/curated-resources.md +++ b/src/posts/curated-resources.md @@ -65,7 +65,7 @@ Index: ### Great Resource (Git) -- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub +- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub - [Awesome List of resources for Git and Github](https://project-awesome.org/phillipadsmith/awesome-github) ### Books (Git) @@ -101,11 +101,11 @@ GitHub is an online platform service so that in essence you do not need to insta ### Great Resource (GitHub) -- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub +- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub - [Awesome List of resources for Git and Github](https://project-awesome.org/phillipadsmith/awesome-github) ### Books - [Git Essentials](https://www.amazon.com/GitHub-Essentials-collaborative-development-workflows/dp/1789138337/ref=sr_1_19?__mk_es_US=%C3%85M%C3%85%C5%BD%C3%95%C3%91&crid=WONZH23LUI7&keywords=github&qid=1655454439&sprefix=githu%2Caps%2C192&sr=8-19) -[Back to home](./index.md) \ No newline at end of file +[Back to home](./index.md) diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte index aa653fd..2bd6668 100644 --- a/src/routes/+layout.svelte +++ b/src/routes/+layout.svelte @@ -1,37 +1,37 @@ -
-
-
- -
-
+
+
+ +
+
\ No newline at end of file + @media (min-width: 1440px) { + .layout { + padding-inline: 0; + } + } + diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte index c3b37fe..1d852ca 100644 --- a/src/routes/+page.svelte +++ b/src/routes/+page.svelte @@ -1,110 +1,118 @@ - - {config.title} + {config.title}
- - -
-
- group of people talking - group of people talking with laptops -
-
-

Articles

-
    - {#each data.posts as post} -
  • - {post.title} -
  • - {/each} -
-
-
- + + +
+
+ group of people talking + group of people talking with laptops +
+
+

Articles

+
    + {#each data.posts as post} +
  • + {post.title} +
  • + {/each} +
+
+
+
diff --git a/src/routes/+page.ts b/src/routes/+page.ts index 86b5254..80e8e7f 100644 --- a/src/routes/+page.ts +++ b/src/routes/+page.ts @@ -1,7 +1,7 @@ -import type { Post } from '$lib/types' +import type { Post } from '$lib/types'; -export async function load({fetch}){ - const response = await fetch('api/posts') - const posts: Post[] = await response.json() - return {posts} -} \ No newline at end of file +export async function load({ fetch }) { + const response = await fetch('api/posts'); + const posts: Post[] = await response.json(); + return { posts }; +} diff --git a/src/routes/[slug]/+page.svelte b/src/routes/[slug]/+page.svelte index 1a4bcbe..d44d2e4 100644 --- a/src/routes/[slug]/+page.svelte +++ b/src/routes/[slug]/+page.svelte @@ -1,37 +1,37 @@ - - {data.meta.title} - - + {data.meta.title} + +
-
-

{data.meta.title}

-

Published {formatDate(data.meta.date)}

-
+
+

{data.meta.title}

+

Published {formatDate(data.meta.date)}

+
-
- -
+
+ +
\ No newline at end of file + h1 + p { + margin-top: var(--size-2); + color: var(--text-2); + } + diff --git a/src/routes/[slug]/+page.ts b/src/routes/[slug]/+page.ts index cde957a..33339cf 100644 --- a/src/routes/[slug]/+page.ts +++ b/src/routes/[slug]/+page.ts @@ -1,14 +1,14 @@ -import {error} from '@sveltejs/kit' +import { error } from '@sveltejs/kit'; -export async function load({params}){ - try{ - const post = await import(`../../posts/${params.slug}.md`) - - return { - content: post.default, - meta: post.metadata - } - } catch(e){ - throw error(404, `Could not find ${params.slug}`) - } -} \ No newline at end of file +export async function load({ params }) { + try { + const post = await import(`../../posts/${params.slug}.md`); + + return { + content: post.default, + meta: post.metadata + }; + } catch (e) { + throw error(404, `Could not find ${params.slug}`); + } +} diff --git a/src/routes/api/posts/+server.ts b/src/routes/api/posts/+server.ts index 7a2e08f..1c36eed 100644 --- a/src/routes/api/posts/+server.ts +++ b/src/routes/api/posts/+server.ts 
@@ -1,30 +1,30 @@ -import type { Post } from '$lib/types' -import { json } from '@sveltejs/kit' +import type { Post } from '$lib/types'; +import { json } from '@sveltejs/kit'; async function getPosts() { - let posts: Post[] = [] + let posts: Post[] = []; - const paths = import.meta.glob('/src/posts/*.md', { eager: true }) + const paths = import.meta.glob('/src/posts/*.md', { eager: true }); for (const path in paths) { - const file = paths[path] - const slug = path.split('/').at(-1)?.replace('.md', '') + const file = paths[path]; + const slug = path.split('/').at(-1)?.replace('.md', ''); - if(file && typeof file === 'object' && 'metadata' in file && slug){ - const metadata = file.metadata as Omit - const post = { ...metadata, slug } satisfies Post - post.published && posts.push(post) - } + if (file && typeof file === 'object' && 'metadata' in file && slug) { + const metadata = file.metadata as Omit; + const post = { ...metadata, slug } satisfies Post; + post.published && posts.push(post); + } } - posts = posts.sort((first, second) => - new Date(second.date).getTime() - new Date(first.date).getTime() - ) + posts = posts.sort( + (first, second) => new Date(second.date).getTime() - new Date(first.date).getTime() + ); - return posts + return posts; } export async function GET() { - const posts = await getPosts() - return json(posts) -} \ No newline at end of file + const posts = await getPosts(); + return json(posts); +} diff --git a/src/routes/contact.svelte b/src/routes/contact.svelte index 343c873..940024b 100644 --- a/src/routes/contact.svelte +++ b/src/routes/contact.svelte @@ -1,54 +1,64 @@
-
-

Suggestions and Contact

-

If you would like to contact us or make any suggestions or comments, please do so either via creating a new issue in our GitHub repository or by emailing us at info@nautilus-cyberneering.de.

-
-
- -
+
+

Suggestions and Contact

+

+ If you would like to contact us or make any suggestions or comments, please do so either via + creating a new issue in our GitHub repository + or by emailing us at + info@nautilus-cyberneering.de. +

+
+
+ +
\ No newline at end of file + .contact { + background-color: #e6e6fa; + padding: 2rem; + margin-top: 1.5rem; + } + + p { + margin-top: 1.5rem; + } + + img { + display: none; + } + + @media (min-width: 768px) { + .contact { + display: flex; + gap: 2rem; + } + + .contact-text { + flex: 1 1 0px; + } + + .contact-img { + flex: 1 1 0px; + } + + img { + display: block; + } + } + + @media (min-width: 1000px) { + h3 { + font-size: 2.2rem; + } + + p { + font-size: 1.5rem; + } + } + diff --git a/src/routes/contribute.svelte b/src/routes/contribute.svelte index e5dda77..650cbea 100644 --- a/src/routes/contribute.svelte +++ b/src/routes/contribute.svelte @@ -1,137 +1,151 @@
-
-
-

We Are All Ears!

-

If you would like to contribute with your experience, have a question or would like to make a correction or suggestion, you are more than welcome. We encourage you to tell us. This is a team effort meant to benefit everyone.

-

If you would like to do so, please go and open a discussion on the topic, challenge you are facing, improvement we could make etc.

-
-
-

How we work:

-
    -
  • A new discussion is opened
  • -
  • We discuss it publicly with you
  • -
  • If it makes a new addition to the guide, we create an issue
  • -
  • You can create the new document or extend or amend an existing one
  • -
  • You can go here to set up a new discussion. We look forward to seeing your work!.
  • -
-
-
- person listening to another person -
-
- +
+
+

We Are All Ears!

+

+ If you would like to contribute with your experience, have a question or would like to make + a correction or suggestion, you are more than welcome. We encourage you to tell us. This is + a team effort meant to benefit everyone. +

+

+ If you would like to do so, please go and open a discussion on the topic, challenge you are + facing, improvement we could make etc. +

+
+
+

How we work:

+
    +
  • A new discussion is opened
  • +
  • We discuss it publicly with you
  • +
  • If it makes a new addition to the guide, we create an issue
  • +
  • You can create the new document or extend or amend an existing one
  • +
  • + You can go here to set up a new discussion. We look forward to seeing your work!. +
  • +
+
+
+ person listening to another person +
+
+
\ No newline at end of file + .contribute-section { + margin-top: var(--size-7); + } + + .contribute-main { + background-color: lightpink; + text-align: center; + } + + .contribute-main p:nth-child(3) { + padding-bottom: 2rem; + } + + .contribute-main-heading { + margin: 0 auto; + font-size: 1.7rem; + padding-top: 2rem; + } + + .contribute-main-text { + padding-inline: 2rem; + padding-top: 1rem; + margin: 0 auto; + text-align: justify; + } + + .contribute-list { + background-color: linen; + padding: 1.5rem 2rem; + } + + .contribute-list-list { + list-style: inside; + margin-top: 1.5rem; + } + + .contribute-list-heading { + margin: 0 auto; + text-align: center; + font-size: 1.7rem; + } + + .contribute-image { + display: none; + } + + .contribute-link-div { + background-color: lightblue; + padding: 1rem; + text-decoration: none; + text-align: center; + } + + .contribute-link { + text-decoration: none; + color: #000; + font-size: 1.1rem; + } + + .contribute-link:hover { + text-decoration: underline; + color: var(--surface-1); + } + + @media (min-width: 769px) { + .contribute-main-text { + font-size: 1.3rem; + } + + .contribute-list-list { + font-size: 1.3rem; + } + } + + @media (min-width: 1000px) { + .contribute-grid { + display: grid; + grid-template-columns: repeat(3, 1fr); + grid-template-rows: repeat(2, 1fr); + } + + .contribute-main { + grid-area: 1 / 2 / 3 / 3; + } + + .contribute-list-heading { + padding-top: 0.4rem; + } + + .contribute-list { + grid-area: 1 / 1 / 3 / 2; + } + + .contribute-image { + display: block; + grid-area: 1 / 3 / 3 / 4; + } + + .contribute-image img { + border-radius: 0px; + object-fit: cover; + width: 100%; + height: 100%; + } + + .contribute-link { + font-size: 1.4rem; + } + } + diff --git a/src/routes/footer.svelte b/src/routes/footer.svelte index 6fdabe2..060877e 100644 --- a/src/routes/footer.svelte +++ b/src/routes/footer.svelte @@ -1,20 +1,20 @@
-

{config.title} © {new Date().getFullYear()}

+

{config.title} © {new Date().getFullYear()}

\ No newline at end of file + p { + color: var(--text-2); + text-align: center; + margin: 0 auto; + } + diff --git a/src/routes/header.svelte b/src/routes/header.svelte index 7edf519..2731793 100644 --- a/src/routes/header.svelte +++ b/src/routes/header.svelte @@ -1,56 +1,55 @@ \ No newline at end of file + nav { + display: flex; + justify-content: space-between; + padding-block: var(--size-7); + } + + .links { + display: flex; + gap: var(--size-7); + list-style: none; + padding: 0; + } + + a { + color: inherit; + text-decoration: none; + font-size: 1.2rem; + } + + .links a:hover { + color: var(--surface-9); + } + + @media (min-width: 768px) { + nav { + margin-inline: var(--size-7); + } + + .links { + margin-block: 0; + } + } + diff --git a/src/routes/hero.svelte b/src/routes/hero.svelte index d5fc966..5fd1333 100644 --- a/src/routes/hero.svelte +++ b/src/routes/hero.svelte @@ -1,94 +1,98 @@
-
- secure git guide logo -
-
-
-

- Here we attempt to help any developer to use GIT and GitHub more securely. Any challenges that we are facing in terms of security will be registered here. You will find information on how to use GIT securely in development work. This guide is the result of our team actively developing a pure GIT/GitHub infrastructure for repository optimization and automation during which we encountered security challenges. -

-
-
-
-

Topics that are covered among others:

-
-
    -
  • GPG and how we use it for projects.
  • -
  • GPG basic and more advanced uses in relation to GIT and GitHub.
  • -
  • GitHub secrets, tokens, etc.
  • -
  • GIT vs GitHub differences.
  • -
  • etc.
  • -
-
-
+
+ secure git guide logo +
+
+
+

+ Here we attempt to help any developer to use GIT and GitHub more securely. Any challenges + that we are facing in terms of security will be registered here. You will find information + on how to use GIT securely in development work. This guide is the result of our team + actively developing a pure GIT/GitHub infrastructure for repository optimization and + automation during which we encountered security challenges. +

+
+
+
+

Topics that are covered among others:

+
+
    +
  • GPG and how we use it for projects.
  • +
  • GPG basic and more advanced uses in relation to GIT and GitHub.
  • +
  • GitHub secrets, tokens, etc.
  • +
  • GIT vs GitHub differences.
  • +
  • etc.
  • +
+
+
\ No newline at end of file + .hero-topics-list { + font-size: 1.4rem; + flex: 1 1 0px; + } + } + diff --git a/src/routes/toggle.svelte b/src/routes/toggle.svelte index 2f4721a..82f7624 100644 --- a/src/routes/toggle.svelte +++ b/src/routes/toggle.svelte @@ -1,35 +1,35 @@ - \ No newline at end of file + button > * { + display: flex; + gap: var(--size-2); + } + diff --git a/static/docs/001_GPG-What-is-GPG.md b/static/docs/001_GPG-What-is-GPG.md index 87be8b4..b1a3838 100644 --- a/static/docs/001_GPG-What-is-GPG.md +++ b/static/docs/001_GPG-What-is-GPG.md @@ -45,5 +45,5 @@ More recent releases of GnuPG 2.x ("modern" and the now deprecated "stable" seri --- Note: Source [WIKIPEDIA](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) - + [Back to home](./index.md) diff --git a/static/docs/002_GPG-Why-we-use-GPG.md b/static/docs/002_GPG-Why-we-use-GPG.md index d42f16a..c22fb11 100644 --- a/static/docs/002_GPG-Why-we-use-GPG.md +++ b/static/docs/002_GPG-Why-we-use-GPG.md 
@@ -20,17 +20,17 @@ It is the preferred option by our team members. For authentication, certification and signing the receiving end can verify that the content is from you, having your public key. On the other hand, if the other party wants to send you something only for you, they will use your public encryption key in combination with their own private key to sign and certify the content. Such content can only be decrypted using your own private key, and by having their public key you will know that it is from them. -***First advantage:*** +**_First advantage:_** If someone sends to you something encrypted, meant only for you, you will be the only one capable of decrypting it. ->"All right but why now, so many keys?" +> "All right but why now, so many keys?" Essentially there is one primary key, which is typically used only for signing and certification, and a subkey signed by the primary key for encryption. However, you can have one for each of the usages if you wanted. -***Second advantage:*** +**_Second advantage:_** - Each subkey when used is transmitted at the same time, but if compromised it can be revoked individually and a new key generated while keeping your primary key valid. It makes it easier to manage your keys and split them for the different purposes you want to use them. +Each subkey when used is transmitted at the same time, but if compromised it can be revoked individually and a new key generated while keeping your primary key valid. It makes it easier to manage your keys and split them for the different purposes you want to use them. ### Disadvantage diff --git a/static/docs/003-GPG-101-How-to-get-your-first-GPG-Keys.md b/static/docs/003-GPG-101-How-to-get-your-first-GPG-Keys.md index be1f2d5..8f61a1b 100644 --- a/static/docs/003-GPG-101-How-to-get-your-first-GPG-Keys.md +++ b/static/docs/003-GPG-101-How-to-get-your-first-GPG-Keys.md 
@@ -7,9 +7,9 @@ The steps to install GPG on your computer are the following: 1. Download the necessary software for your Operating System at: - - [Windows](https://gpg4win.org/download.html) - - [Linux - Installed through terminal](https://linuxhint.com/gpg-command-ubuntu/) - - [Mac OS](https://sourceforge.net/p/gpgosx/docu/Download/) + - [Windows](https://gpg4win.org/download.html) + - [Linux - Installed through terminal](https://linuxhint.com/gpg-command-ubuntu/) + - [Mac OS](https://sourceforge.net/p/gpgosx/docu/Download/) ## GPG4Win Kleopatra @@ -69,6 +69,7 @@ Here is a series of screenshots of the process using the Kleopatra application f ### Creating a Revocation Certificate --- + (1) ![012](./media/003/KLEO_CREATE_012.png) @@ -101,6 +102,7 @@ In order to generate your new keys you have two options: ### Default Setup --- + Open the command line as an admin and type: ```terminal diff --git a/static/docs/005_GPG-Best-Practices.md b/static/docs/005_GPG-Best-Practices.md index 4b77068..4070f61 100644 --- a/static/docs/005_GPG-Best-Practices.md +++ b/static/docs/005_GPG-Best-Practices.md @@ -20,7 +20,7 @@ This basis structure was chosen upon the thought that the keys used for Encrypti However, in many cases this is not what the user would want if given the choice. -### Why is this not optimal? +### Why is this not optimal? The default set-up leaves still some space for improvement. This is because it does not take advantage of the possibility to create individual sub-keys for each capability. @@ -39,6 +39,7 @@ If you do not do this, you probably will end up someday with your primary key co ### How to create further sub-keys --- + ![IMAGE](https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg) In order to create additional sub-keys, you need to use the GPG command-line interface. 
@@ -49,23 +50,23 @@ I base the following summary of steps in the command line interface on his work. 1. Type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 2. In the list you get an overview of all the primary key and its existing sub-keys. You will copy the second line of your public key made up of 10 pairs of 4 numbers and or letters. 3. Using the noted public key type: - ```terminal - gpg --edit-key - ``` + ```terminal + gpg --edit-key + ``` 4. You will get a display of their associated private key and a new prompt so type: - ```terminal - addkey - ``` + ```terminal + addkey + ``` 5. Select your applicable key, most likely option **(4) RSA (sign only)** @@ -77,30 +78,31 @@ I base the following summary of steps in the command line interface on his work. 9. To see the equivalent public keys for export type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 10. You should now see the new sub-key and the changed primary key rights. ### Removing primary key rights --- + The last step to finish this is to remove all capabilities except the "certify" capability from the primary key. For this, you will continue using the command line but using the "expert" mode. 1. Type: - ```terminal - gpg --expert --edit-key - ``` + ```terminal + gpg --expert --edit-key + ``` 2. You will get an overview of the primary key's rights. 3. Type: - ```terminal - change-usage - ``` + ```terminal + change-usage + ``` 4. Use the toggle option taking away the rights for which you already have created the new sub-key. 
@@ -110,22 +112,23 @@ The last step to finish this is to remove all capabilities except the "certify" 7. Type: - ```terminal - gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints - ``` + ```terminal + gpg --list-keys --fingerprint --with-keygrip --with-subkey-fingerprints + ``` 8. You will see the new public key rights where you should only see the "c" option for certify at the "pub" key. ### Configuring Git with your new key --- + In order to set up your new key for signing your commits you have to follow these steps: 1. In the command prompt type: - ```terminal - git config --global --edit - ``` + ```terminal + git config --global --edit + ``` 2. This will open the git config file in your default editor. In my case it opens it in Visual Code. @@ -138,21 +141,25 @@ In order to set up your new key for signing your commits you have to follow thes ### Always use a Passphrase :exclamation --- + When creating the set of keys you are asked for a passphrase. Set it and remember it or even better write it down somewhere. This is another safety measure but it is essential. ### Backing up Your Revocation Certificate :exclamation --- + **_Make sure that you keep a backup of your revocation certificate or that you print it out and store it somewhere safe in case that you were to have to use it._** ### Rotating Your Encryption Keys :exclamation --- + This being one of the most used capabilities. It is recommended that you rotate these keys to prevent anyone to have access to any of your encrypted information, creating for example new keys in events such as computer change, etc. It is important though to back these up in the event that you were to have files encrypted with these. ### Setting an Expiration Date :exclamation --- + Another good idea is to set an expiration date not too far in the future in case that you were to not be able to revoke your certificate due to having lost your revocation certificate. [Back to home](./index.md) 
diff --git a/static/docs/007_Curated-List-of-Resources.md b/static/docs/007_Curated-List-of-Resources.md index 1320ff6..1dc63e7 100644 --- a/static/docs/007_Curated-List-of-Resources.md +++ b/static/docs/007_Curated-List-of-Resources.md @@ -60,7 +60,7 @@ Index: ### Great Resource (Git) -- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub +- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub - [Awesome List of resources for Git and Github](https://project-awesome.org/phillipadsmith/awesome-github) ### Books (Git) @@ -96,7 +96,7 @@ GitHub is an online platform service so that in essence you do not need to insta ### Great Resource (GitHub) -- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub +- [Git Magic Resource](http://www-cs-students.stanford.edu/~blynn/gitmagic/) (Very extensive and documented) covers Git to some extent and focuses GitHub - [Awesome List of resources for Git and Github](https://project-awesome.org/phillipadsmith/awesome-github) ### Books diff --git a/static/docs/008_GPG-How-to-create-a-subkey-for-signing.md b/static/docs/008_GPG-How-to-create-a-subkey-for-signing.md index 3e48799..5b1f474 100644 --- a/static/docs/008_GPG-How-to-create-a-subkey-for-signing.md +++ b/static/docs/008_GPG-How-to-create-a-subkey-for-signing.md @@ -41,7 +41,7 @@ sub rsa4096 2021-11-19 [E] The meaning for the letters inside brackets are the [GPG key capabilities](https://github.com/gpg/gnupg/blob/master/doc/DETAILS#field-12---key-capabilities): | Character | Capability | -|-----------|----------------| +| --------- | -------------- | | S | Sign | | C | Certify | | E | Encrypt | 
@@ -59,10 +59,10 @@ There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E [ultimate] (1). A committer gpg> addkey @@ -82,7 +82,7 @@ Please specify how long the key should be valid. w = key expires in n weeks m = key expires in n months y = key expires in n years -Key is valid for? (0) +Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y Really create? (y/N) y @@ -92,12 +92,12 @@ disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> save 
@@ -139,19 +139,19 @@ There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: SC + created: 2021-11-19 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> change-usage Changing usage of the primary key. -Possible actions for a RSA key: Sign Certify Encrypt Authenticate -Current allowed actions: Sign Certify +Possible actions for a RSA key: Sign Certify Encrypt Authenticate +Current allowed actions: Sign Certify (S) Toggle the sign capability (E) Toggle the encrypt capability @@ -160,8 +160,8 @@ Current allowed actions: Sign Certify Your selection? S -Possible actions for a RSA key: Sign Certify Encrypt Authenticate -Current allowed actions: Certify +Possible actions for a RSA key: Sign Certify Encrypt Authenticate +Current allowed actions: Certify (S) Toggle the sign capability (E) Toggle the encrypt capability @@ -171,12 +171,12 @@ Current allowed actions: Certify Your selection? Q sec rsa4096/27304EDD6079B81C - created: 2021-11-19 expires: never usage: C + created: 2021-11-19 expires: never usage: C trust: ultimate validity: ultimate ssb rsa4096/5B6BDD35BEDFBF6F - created: 2021-11-19 expires: never usage: E + created: 2021-11-19 expires: never usage: E ssb rsa4096/3F39AA1432CA6AD7 - created: 2021-11-26 expires: never usage: S + created: 2021-11-26 expires: never usage: S [ultimate] (1). A committer gpg> save diff --git a/static/docs/009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md b/static/docs/009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md index 2fa3ec4..f169606 100644 --- a/static/docs/009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md 
+++ b/static/docs/009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md @@ -73,10 +73,10 @@ There is NO WARRANTY, to the extent permitted by law. Secret subkeys are available. pub rsa3072/B5B58E7CA8F56B98 - created: 2022-03-03 expires: never usage: C + created: 2022-03-03 expires: never usage: C trust: unknown validity: unknown ssb rsa3072/FC47DBB5210FB475 - created: 2022-03-03 expires: never usage: S + created: 2022-03-03 expires: never usage: S [ unknown] (1). Test User gpg> passwd gpg: key B5B58E7CA8F56B98/B5B58E7CA8F56B98: error changing passphrase: No secret key diff --git a/static/docs/010_GPG-Git-commits-partially-verified.md b/static/docs/010_GPG-Git-commits-partially-verified.md index 4a5547d..d0c6872 100644 --- a/static/docs/010_GPG-Git-commits-partially-verified.md +++ b/static/docs/010_GPG-Git-commits-partially-verified.md @@ -309,7 +309,7 @@ If we were using GPG signatures, we would have only the committer signature on e On GitHub documentation, you can read: ->"The rebase and merge behavior on GitHub deviates slightly from Git rebase. Rebase and merge on GitHub will always update the committer information and create new commit SHAs, whereas Git rebase outside of GitHub does not change the committer information when the rebase happens on top of an ancestor commit. For more information about Git rebase, see git-rebase in the Git documentation." +> "The rebase and merge behavior on GitHub deviates slightly from Git rebase. Rebase and merge on GitHub will always update the committer information and create new commit SHAs, whereas Git rebase outside of GitHub does not change the committer information when the rebase happens on top of an ancestor commit. For more information about Git rebase, see git-rebase in the Git documentation." When it is possible to merge with fast-forward, Git will not change the original committer info. If you rerun the merge example using rebase with fast-forward: 
diff --git a/static/docs/011_How-to-remove-commits-by-commit-message.md b/static/docs/011_How-to-remove-commits-by-commit-message.md index d96af03..ab49676 100644 --- a/static/docs/011_How-to-remove-commits-by-commit-message.md +++ b/static/docs/011_How-to-remove-commits-by-commit-message.md @@ -46,24 +46,24 @@ Reposurgeon has two modes: interactive and non-interactive. If you execute repos ```s $ reposurgeon reposurgeon% help -6. The Command Interpreter +6. The Command Interpreter 1. Command syntax syntax* 2. Finding your way around help, history, shell, quit 3. Regular Expressions regexp* 4. Selection syntax selection*, functions* 5. Redirection and shell-like features redirection* -7. Import and Export +7. Import and Export 1. Reading and writing repositories read, write 2. Repository type preference prefer, sourcetype 3. Rebuilds in place rebuild 5. File preservation preserve, unpreserve 6. Incorporating release tarballs incorporate 7. The repository list choose, drop, rename -8. Information and reports +8. Information and reports 1. Reports on the DAG list, index, names, stamp, tags, inspect, graph, lint, when 2. Statistics stats, count, sizes 3. Examining tree states manifest, checkout, diff -9. Surgical Operations +9. Surgical Operations 1. Commit deletion squash, delete 2. Commit mutation merge, unmerge, reparent, split, add, remove, tagify, reorder 3. Branches branch, branchlift, debranch 
@@ -73,26 +73,26 @@ reposurgeon% help 7. Path reports and modifications path, setperm 8. Timequakes and time offsets timequake, timeoffset 9. Miscellanea renumber, transcode -10. Artifact handling +10. Artifact handling 1. Attributions authors 2. Ignore patterns ignores 3. Reference lifting references, legacy 4. Changelogs changelogs 5. Clique coalescence coalesce 11. Control Options options*, set, clear -12. Scripting and debugging support +12. Scripting and debugging support 1. Variables, macros, and scripts assign, unassign, define, do, undefine, script, print 2. Housekeeping gc 3. Diagnostics log, logfile 4. Debugging resolve, version, hash, sizeof, strip 5. Profiling elapsed, timing, readlimit, memory, profile, exit -Starred topics are not commands. -reposurgeon% +Starred topics are not commands. +reposurgeon% ``` You can also create your own script and execute is later. The simplest think you can do is: -```s +````s reposurgeon "read ." lint ```s @@ -117,7 +117,7 @@ Let's first create an empty repo: mkdir /tmp/remove-commits-example cd /tmp/remove-commits-example git init -``` +```` Now we can add some commits. In order to simplify the example the commits we want to delete start with the prefix `drop`. 
@@ -161,9 +161,9 @@ reposurgeon "script remove-commits.rs" All the lines are self-explaining except maybe for the commit deletion one: `/drop/c delete`. -The deletion command format is: `{SELECTION} delete` where [SELECTION](http://www.catb.org/~esr/reposurgeon/repository-editing.html#selections) defines what you want to delete. That is very common for reposurgeon commands. The selection argument allows you to define which internal objects you want to act on. There are different types of selections. One of them it a "text search" which is a regular expression. +The deletion command format is: `{SELECTION} delete` where [SELECTION](http://www.catb.org/~esr/reposurgeon/repository-editing.html#selections) defines what you want to delete. That is very common for reposurgeon commands. The selection argument allows you to define which internal objects you want to act on. There are different types of selections. One of them it a "text search" which is a regular expression. ->A text search normally matches against the comment fields of commits and annotated tags, or against their author/committer names, or against the names of tags; also the text of passthrough objects. +> A text search normally matches against the comment fields of commits and annotated tags, or against their author/committer names, or against the names of tags; also the text of passthrough objects. In our case the selection `/drop/` means that we want to search for all objects containing the word `drop`. diff --git a/static/docs/012_How-to-import-the-dependabot-gpg-public-key.md b/static/docs/012_How-to-import-the-dependabot-gpg-public-key.md index ccc9c4a..43539a0 100644 --- a/static/docs/012_How-to-import-the-dependabot-gpg-public-key.md +++ b/static/docs/012_How-to-import-the-dependabot-gpg-public-key.md 
@@ -20,18 +20,18 @@ Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Jun 7 00:35:52 2022 +0000 build(deps): bump actions/setup-node from 3.2.0 to 3.3.0 - + Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.2.0...v3.3.0) - + --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... - + Signed-off-by: dependabot[bot] ``` @@ -73,13 +73,13 @@ There is NO WARRANTY, to the extent permitted by law. pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: unknown validity: unknown [ unknown] (1). GitHub (web-flow commit signing) gpg> trust pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: unknown validity: unknown [ unknown] (1). GitHub (web-flow commit signing) @@ -97,7 +97,7 @@ Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y pub rsa2048/4AEE18F83AFDEB23 - created: 2017-08-16 expires: never usage: SC + created: 2017-08-16 expires: never usage: SC trust: ultimate validity: unknown [ unknown] (1). GitHub (web-flow commit signing) Please note that the shown key validity is not necessarily correct diff --git a/static/docs/013_How-github-actions-can-get-access-to-secrets.md b/static/docs/013_How-github-actions-can-get-access-to-secrets.md index 51fab04..526de6c 100644 --- a/static/docs/013_How-github-actions-can-get-access-to-secrets.md +++ b/static/docs/013_How-github-actions-can-get-access-to-secrets.md 
@@ -31,10 +31,10 @@ As far as we know that's only possible because the action can also get a secret For example, in the GitHub [actions/checkout@v2](https://github.com/actions/checkout) action, you can pass the token as an implicit input, but if you do not pass it, the actions will take it from the context and set it as a default value. You can see how the [default value is taken from the context](https://github.com/actions/checkout/blob/2541b1294d2704b0964813337f33b291d3f8596b/action.yml#L24). ```yml - token: - description: > - ... - default: ${{ github.token }} +token: + description: > + ... + default: ${{ github.token }} ``` That is something not well documented. You can use contexts not only in the workflow `yml` files but also in the `action.yml` files. @@ -106,7 +106,7 @@ We have also create an [embedded TypeScript action](https://github.com/Nautilus- This is the [workflow output](https://github.com/Nautilus-Cyberneering/github-actions-secrets/actions/workflows/test-typescript-print-env-action.yml): -/*spell-checker: disable*/ +/_spell-checker: disable_/ ```s CI=true @@ -206,7 +206,7 @@ ACTIONS_RUNTIME_TOKEN=*** ACTIONS_CACHE_URL=https://artifactcache.actions.githubusercontent.com/J2bBGbKRuIqd1wfytSShy42Isw56QMlCsoBc38NVOsni9X2pHC/ ``` -/*spell-checker: enable*/ +/_spell-checker: enable_/ ## Default permissions for GitHub token 
@@ -278,7 +278,7 @@ The documentation says the secrets are deleted from memory when the job is done. > Although GitHub Actions scrubs secrets from memory that are not referenced in the workflow (or an included action), the GITHUB_TOKEN and any referenced secrets can be harvested by a determined attacker. -*It's best to assume that a malicious action has access to any secrets or information that the runner has for that a job - regardless of if the secrets are on disk or in memory. Actions are not sandboxed within a workflow job, the security boundary is only between jobs/runs.* +_It's best to assume that a malicious action has access to any secrets or information that the runner has for that a job - regardless of if the secrets are on disk or in memory. Actions are not sandboxed within a workflow job, the security boundary is only between jobs/runs._ See [accessing secrets](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#accessing-secrets). diff --git a/static/docs/015_How-to-use-Git-as-a-database.md b/static/docs/015_How-to-use-Git-as-a-database.md index 437bc46..b576395 100644 --- a/static/docs/015_How-to-use-Git-as-a-database.md +++ b/static/docs/015_How-to-use-Git-as-a-database.md @@ -181,7 +181,7 @@ git commit --no-gpg-sign -m "add object-1.txt" You can get the object with: ```s -git checkout my-objects-object-1 && cat object-1.txt +git checkout my-objects-object-1 && cat object-1.txt ``` But actually the object value is accessible directly just like an standard file. All you need to do is `checkout` the reference (the branch) we are using to store the object. 
@@ -215,7 +215,7 @@ This model uses an orphan branch for each object. An "orphan" branch is a branch ## How to solve race conditions -We have seen two possible models to use Git to store your data as a key-value database. But does this database implementation offer you a way to handle race conditions? +We have seen two possible models to use Git to store your data as a key-value database. But does this database implementation offer you a way to handle race conditions? At some point, you are going to have two processes reading the same object and trying to update it at the same time. One of them is going to overwrite a previous value. @@ -274,10 +274,10 @@ Now we can increment the counter with the first process and `push` the new value ```s cd /tmp/my-counters-process-1 git checkout my-counters-counter-1 -echo "1" > counter-1.txt +echo "1" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 1" -echo "2" > counter-1.txt +echo "2" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 2" cat counter-1.txt @@ -324,7 +324,7 @@ You have updated the `origin` (our database) with a new value. Now, if you try t ```s cd /tmp/my-counters-process-2 git checkout my-counters-counter-1 -echo "1" > counter-1.txt +echo "1" > counter-1.txt git add . git commit --no-gpg-sign -m "increment counter-1 to 1" cat counter-1.txt @@ -387,7 +387,7 @@ Fortunately, Git has a `push` option “--atomic” that does exactly that: "Eit So you could do something like: ```s -git push --atomic origin refs/heads/my-counters-counter-1 refs/heads/my-counters-counter-2 +git push --atomic origin refs/heads/my-counters-counter-1 refs/heads/my-counters-counter-2 ``` More info about Atomic pushes:
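Review bot: in static/docs/011_How-to-remove-commits-by-commit-message.md, the hunk at @@ -73,26 +73,26 @@ widens the fence above `reposurgeon "read ." lint` to four backticks while the line after the command is still a three-backtick fence carrying the `s` tag, and the hunk at @@ -117,7 +117,7 @@ turns the fence after `git init` into the matching four-backtick closer. The result is one code block running from the `reposurgeon` command down to `git init`, so the prose in between (for example "Let's first create an empty repo:") will render as code. The underlying defect is the stray `s` on what was meant to be a closing fence. Drop that tag so the line is a plain closing fence and keep three backticks in both places, rather than letting the formatter encode the mistake.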
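Review bot: in static/docs/011_How-to-remove-commits-by-commit-message.md, the paragraph rewritten by the hunk at @@ -161,9 +161,9 @@ still reads `One of them it a "text search"`. Since that line is being changed anyway, fix it to "One of them is a". The context of the @@ -73,26 +73,26 @@ hunk has the same kind of slip (`execute is later. The simplest think you can do is`), which could be corrected in the same pass.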
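Review bot: in static/docs/012_How-to-import-the-dependabot-gpg-public-key.md, the transcript around the hunk at @@ -97,7 +97,7 @@ answers `Your decision? 5` and confirms ultimate trust for the `GitHub (web-flow commit signing)` key, and the patch only realigns the `created: ... usage: SC` lines around it. Ultimate ownertrust is intended for keys you own, and setting it makes a third-party key a trust root in the local keyring. While this file is open, consider documenting a fingerprint check followed by a local signature (`lsign` at the `gpg>` prompt) instead, or at least add a sentence explaining why ultimate trust was chosen, if the page does not already say so.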
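Review bot: in static/docs/013_How-github-actions-can-get-access-to-secrets.md, the hunks at @@ -106,7 +106,7 @@ and @@ -206,7 +206,7 @@ rewrite `/*spell-checker: disable*/` and `/*spell-checker: enable*/` to `/_spell-checker: disable_/` and `/_spell-checker: enable_/`. The asterisks were comment delimiters, but Markdown reads them as emphasis, which is why the formatter swapped them. The directive text itself has therefore changed, and it is visible on the rendered page in either form. Please confirm the spell checker still honours the directive as now written, or move both into HTML comments (`<!-- spell-checker: disable -->` and `<!-- spell-checker: enable -->`) so the formatter leaves them alone and they stay out of the rendered output.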