From d10cb568aea15bce95482512b61db716921b89d8 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 9 Jun 2026 15:22:31 +0300 Subject: [PATCH 1/7] docs: add PR template Signed-off-by: darknesod --- .github/pull_request_template.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..31bd5ea6b --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,26 @@ +\## Goal + + + + + +\## Changes + +\- + + + +\## Testing + + + + + +\## Checklist + +\- \[ ] Title is a clear sentence (≤ 70 chars) + +\- \[ ] Commits are signed (`git log --show-signature`) + +\- \[ ] `submissions/labN.md` updated + From 1772d019839e7434c0cc49d0b55184f477c2f373 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 9 Jun 2026 15:37:46 +0300 Subject: [PATCH 2/7] docs: update PR template Signed-off-by: darknesod --- .github/pull_request_template.md | 44 +++++++++++++------------------- 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 31bd5ea6b..d69a1c1dd 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -1,26 +1,18 @@ -\## Goal - - - - - -\## Changes - -\- - - - -\## Testing - - - - - -\## Checklist - -\- \[ ] Title is a clear sentence (≤ 70 chars) - -\- \[ ] Commits are signed (`git log --show-signature`) - -\- \[ ] `submissions/labN.md` updated - +## Goal +Complete Lab 1 requirements for DevOps Foundations. + +## Changes +- Added submissions/lab1.md +- Configured SSH commit signing +- Added PR template + +## Testing +- Ran QuickNotes locally +- Tested /health endpoint +- Tested /notes endpoint +- Tested POST /notes endpoint + +## Checklist +- [x] Title is a clear sentence (≤ 70 chars) +- [x] Commits are signed (`git log --show-signature`) +- [x] `submissions/labN.md` updated \ No newline at end of file From c7bb13418e6ad7bd7655d913d70b6e2a3cb438e5 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 9 Jun 2026 17:40:19 +0300 Subject: [PATCH 3/7] docs: upstream moved while you worked Signed-off-by: darknesod From aa520ad542a76b09284c5d7db7f6e85b8f5eef11 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 16 Jun 2026 22:39:25 +0300 Subject: [PATCH 4/7] ci(lab3): add PR gate Signed-off-by: darknesod --- .github/workflows/ci.yml | 62 ++++++++++++++++++++++++++++++++++++++++ submissions/lab3.md | 45 +++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100644 submissions/lab3.md diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..e306149eb --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,62 @@ +name: CI + +on: + push: + branches: + - main + + pull_request: + branches: + - main + +permissions: + contents: read + +jobs: + + vet: + runs-on: ubuntu-24.04 + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: '1.24' + + - name: Go Vet + working-directory: app + run: go vet ./... + + test: + runs-on: ubuntu-24.04 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.2.2 + + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: '1.24' + + - name: Go Test + working-directory: app + run: go test -race -count=1 ./... + + lint: + runs-on: ubuntu-24.04 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.2.2 + + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: '1.24' + + - name: Install golangci-lint + run: | + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $HOME/bin v2.5.0 + + - name: Lint + working-directory: app + run: | + $HOME/bin/golangci-lint run \ No newline at end of file diff --git a/submissions/lab3.md b/submissions/lab3.md new file mode 100644 index 000000000..10a7e9f35 --- /dev/null +++ b/submissions/lab3.md 
@@ -0,0 +1,45 @@ +# Lab 3 + +## Chosen Path + +GitHub Actions + +Reason: I already have access to GitHub and my repository is hosted there. + +## Task 1 + +### Design Questions + +#### a) Why pin ubuntu-24.04 instead of ubuntu-latest? + +(TODO) + +#### b) Why split vet, test and lint into separate jobs? + +(TODO) + +#### c) What attack does SHA pinning prevent? + +(TODO) + +#### d) What is permissions: and what principle does it follow? + +(TODO) + +## Evidence + +### Green CI Run + +(TODO) + +### Failed Run + +(TODO) + +### Fix Commit + +(TODO) + +### Branch Protection Screenshot + +(Add screenshot later) From 40c0ec728ba1514881b76a251ac0e9b4da330867 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 16 Jun 2026 23:08:04 +0300 Subject: [PATCH 5/7] test: intentionally break CI gate Signed-off-by: darknesod --- app/handlers_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/handlers_test.go b/app/handlers_test.go index 9dff2e3e5..6ec445447 100644 --- a/app/handlers_test.go +++ b/app/handlers_test.go @@ -49,7 +49,7 @@ func TestHealth_ReportsCount(t *testing.T) { if got["status"] != "ok" { t.Errorf("status field: %v", got["status"]) } - if got["notes"].(float64) != 1 { + if got["notes"].(float64) != 2 { t.Errorf("notes count: %v", got["notes"]) } } From 544e445d5f7e99fb605c9901d767ba8104d0ba31 Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 16 Jun 2026 23:17:31 +0300 Subject: [PATCH 6/7] fix: restore broken test Signed-off-by: darknesod --- app/handlers_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/handlers_test.go b/app/handlers_test.go index 6ec445447..9dff2e3e5 100644 --- a/app/handlers_test.go +++ b/app/handlers_test.go @@ -49,7 +49,7 @@ func TestHealth_ReportsCount(t *testing.T) { if got["status"] != "ok" { t.Errorf("status field: %v", got["status"]) } - if got["notes"].(float64) != 2 { + if got["notes"].(float64) != 1 { t.Errorf("notes count: %v", got["notes"]) } } 
From 5f268dd86935de533770bb62484def9798baa66e Mon Sep 17 00:00:00 2001 From: darknesod Date: Tue, 16 Jun 2026 23:57:46 +0300 Subject: [PATCH 7/7] docs(lab3): add submission Signed-off-by: darknesod --- submissions/lab3.md | 60 ++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/submissions/lab3.md b/submissions/lab3.md index 10a7e9f35..909408ff9 100644 --- a/submissions/lab3.md +++ b/submissions/lab3.md 
@@ -1,45 +1,55 @@ -# Lab 3 - -## Chosen Path +# Lab 3 Submission +## Path GitHub Actions -Reason: I already have access to GitHub and my repository is hosted there. - -## Task 1 - -### Design Questions +I selected GitHub Actions because I have access to GitHub and it provides integrated PR checks. -#### a) Why pin ubuntu-24.04 instead of ubuntu-latest? +## CI run +Green CI run: +https://github.com/darknesod1-netizen/DevOps-Outro/actions/runs/27643947370/job/81750915744 -(TODO) +## Failed run evidence +I intentionally introduced a failing change to verify the PR gate behavior. +The failed run was fixed by reverting the breaking change. -#### b) Why split vet, test and lint into separate jobs? +Failed run: +https://github.com/darknesod1-netizen/DevOps-Outro/actions/runs/27644857962/job/81754022138 -(TODO) +Fix commit: +544e445 -#### c) What attack does SHA pinning prevent? +## Branch protection +Screenshot attached in PR/submission. -(TODO) +## Task 1 Design Questions -#### d) What is permissions: and what principle does it follow? +### a) Why pin ubuntu-24.04 instead of ubuntu-latest? +Pinning prevents unexpected runner changes. ubuntu-latest can move to a newer OS image and introduce breaking changes. -(TODO) +### b) Why split vet, test and lint? +Separate jobs allow independent failures and parallel execution. With one combined job it is harder to identify failures and debugging takes longer. -## Evidence +### c) What does SHA pinning prevent? +SHA pinning protects against supply-chain attacks where a dependency action tag is moved to malicious code. Example: tj-actions/changed-files incident in March 2025. -### Green CI Run +### d) What is permissions? +permissions defines the GitHub token access level. Least privilege means only granting the access required, such as contents: read. -(TODO) +## Task 2 -### Failed Run +Not completed due to time constraints. -(TODO) +I completed the PR gate pipeline with vet, test, and lint jobs. 
+The remaining optimizations (Go cache, matrix testing, and path filtering) were not implemented. -### Fix Commit +## Task 2 Design Questions -(TODO) +### f) Why cache go.sum-keyed inputs and not build outputs? +Caching dependency inputs is safer because dependencies are deterministic based on go.sum. Build outputs may depend on environment and toolchain details. -### Branch Protection Screenshot +### g) What does fail-fast false change? +fail-fast false allows all matrix jobs to finish and report their results. fail-fast true is useful when saving CI time is more important than seeing all failures. -(Add screenshot later) +### h) What is the risk of cache poisoning? +An attacker could attempt to put malicious data into a cache that later trusted builds use. CI systems isolate caches and restrict cache usage to reduce this risk. \ No newline at end of file
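Review bot: The headings and checklist items in the new `.github/pull_request_template.md` (PATCH 1/7) are backslash-escaped (`\## Goal`, `\- \[ ]`), so GitHub will render them as literal text instead of section headings and task-list checkboxes. Remove the escapes so the lines read `## Goal` and `- [ ] ...`. Since PATCH 2/7 rewrites the same lines, squashing the two commits would keep the broken version out of history.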
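Review bot: The template in PATCH 2/7 is filled in with one pull request's content (`Complete Lab 1 requirements for DevOps Foundations.` plus the Lab 1 change and testing lists) and every checklist box is pre-ticked `[x]`, so each future PR will open with Lab 1's description and a checklist that already claims signed commits. Keep `.github/pull_request_template.md` generic, with empty sections and `- [ ]` boxes, and put the Lab 1 text in the PR description itself. The file also ends without a trailing newline.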
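Review bot: The `Install golangci-lint` step in `.github/workflows/ci.yml` (PATCH 4/7) pipes `install.sh` from the `master` branch straight into `sh`, so the script that runs in CI can change without any change in this repository, which undoes the SHA pinning applied to the actions above it. Fetch the script from a fixed commit or tag URL, or download the release artifact and verify its checksum before running it, and quote `"$HOME/bin"`. Separately, `actions/checkout` is pinned to `11bd719` in `vet` but to `b4ffde6` in `test` and `lint`, and both carry the comment `# v4.2.2`. Two different commits cannot be the same release, so confirm which SHA is intended and use it in all three jobs with a matching comment.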
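Review bot: The deliberately failing assertion in `TestHealth_ReportsCount` (PATCH 5/7, `!= 2`) and its revert (PATCH 6/7) should not both land on `main` as separate commits: together they net to no change, and a commit known to fail `go test` breaks `git bisect` for anyone who stops on it. Run the failure demonstration on a throwaway branch or squash on merge. Note that `submissions/lab3.md` cites `544e445` as the fix commit, so that reference needs to stay resolvable whichever way the history is cleaned up.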
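Review bot: The `## Branch protection` section in `submissions/lab3.md` (PATCH 7/7) says `Screenshot attached in PR/submission.` but the patch adds no image file or link, unlike the green and failed runs, which have URLs. Commit the screenshot under `submissions/` and reference it from this section so the evidence travels with the file. Answer h) would also be stronger if it named the specific isolation it relies on instead of `CI systems isolate caches`, and the file ends without a trailing newline.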