
feat(lab3): add pre-commit config and lab submission #1070

Open
eraegar wants to merge 7 commits into inno-devops-labs:main from eraegar:feature/lab3

@eraegar eraegar commented Jun 17, 2026

Goal

Add the Lab 3 submission for SSH commit signing, pre-commit secret scanning with gitleaks, and bonus history-rewrite practice.

Changes

  • Added submissions/lab3.md with SSH signing evidence, gitleaks blocked-commit output, tune-out analysis, and bonus history-rewrite results
  • Added .pre-commit-config.yaml with gitleaks, detect-private-key, and check-added-large-files hooks
  • Configured and tested the Lab 3 workflow for signed commits and local pre-commit enforcement

Testing

Commands used:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true
git config --global tag.gpgsign true

~/Library/Python/3.9/bin/pre-commit install
~/Library/Python/3.9/bin/pre-commit run --files .pre-commit-config.yaml submissions/lab3.md

cat > /tmp/leak-test.txt <<'EOF'
# This is a deliberate fake secret for Lab 3 testing
GH_PAT=ghp_16C7e42F292c6912E7710c838347Ae178B4a
EOF
cp /tmp/leak-test.txt submissions/leak-attempt.txt
git add submissions/leak-attempt.txt
git commit -m "test: should be blocked by gitleaks"

git log --show-signature -1

cd /tmp/lab3-bonus
git log -p | grep -c 'ghp_AAAA'
~/Library/Python/3.9/bin/git-filter-repo --force --replace-text /tmp/replace.txt
git log -p | grep -c 'ghp_AAAA'
git log -p | grep -c 'REDACTED'

Observed results:

  • SSH commit signing was enabled and local verification showed a good Git SSH signature
  • pre-commit installed successfully and the configured hooks passed on the Lab 3 files
  • gitleaks blocked the planted fake GitHub PAT with rule ID github-pat
  • In the sandbox bonus repo, git-filter-repo removed the fake secret from history and replaced it with REDACTED
  • Secret-count checks changed from 2 before rewrite to 0 after rewrite, while REDACTED appeared 2 times

Artifacts & Screenshots

  • Submission file: submissions/lab3.md

  • Hook configuration: .pre-commit-config.yaml

  • Verified commit evidence: [add commit URL after push]

  • Verified badge screenshot: [attach in PR or add link]

  • Title is clear (feat(lab3): <topic> style)

  • No secrets/large temp files committed

  • Submission file at submissions/lab3.md exists
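
A check for the history-rewrite step above, as an added example that is not part of this PR or the lab's own code: `git log -p` with no revision argument only walks history reachable from HEAD, so this version counts across every ref by default. The function names and the `ghp_AAAA_CONSTRUCTED_FAKE` string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All names below are hypothetical helpers, not lab or project code.

# Count lines of `git log -p` output containing a fixed string.
# Default revision argument is --all (every ref); pass HEAD to mimic a bare `git log -p`.
# grep -c exits 1 when the count is 0, so `|| true` keeps `set -e` callers alive.
count_in_history() {  # usage: count_in_history <repo> <string> [rev args]
    cih_repo=$1; cih_needle=$2; shift 2
    [ $# -gt 0 ] || set -- --all
    git -C "$cih_repo" log -p "$@" | grep -c -F -- "$cih_needle" || true
}

# Succeeds only when no ref still carries the string.
history_is_clean() {  # usage: history_is_clean <repo> <string>
    [ "$(count_in_history "$1" "$2")" -eq 0 ]
}

# Build a throwaway repo whose constructed fake token lives only on a side branch.
make_demo_repo() {  # prints the repo path
    demo=$(mktemp -d)
    g() { git -C "$demo" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    echo hello > "$demo/README"
    g add README && g commit -q -m "init"
    base=$(g symbolic-ref --short HEAD)
    g checkout -q -b side
    echo "GH_PAT=ghp_AAAA_CONSTRUCTED_FAKE" > "$demo/leak.txt"   # constructed, not a real token
    g add leak.txt && g commit -q -m "add config"
    g checkout -q "$base"
    echo "$demo"
}

if [ "${1:-}" = "--demo" ]; then
    r=$(make_demo_repo)
    echo "HEAD only: $(count_in_history "$r" ghp_AAAA HEAD)"
    echo "all refs:  $(count_in_history "$r" ghp_AAAA)"
    history_is_clean "$r" ghp_AAAA || echo "secret still reachable from some ref"
    rm -rf "$r"
fi
```

Run with `--demo` to see the HEAD-only count stay at zero while the all-refs count does not; after a rewrite, `history_is_clean <repo> <string>` gives a pass/fail exit status for scripting.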
