Git and Github Basics

Definitions

  • VCS : version control system
  • SCM : software configuration management
  • Fork : server-side copy of the repo

Searching from the GitHub search bar

  • Operators: OR, AND, NOT
  • Repo: repo:Aif4thah/Dojo-101 windows
  • User: user:Aif4thah
  • Owner: owner:Aif4thah

Examples:

  • is:open is:issue assignee:@me : Open issues assigned to the current user (@me)
  • is:closed is:pr author:contoso: Closed pull requests created by @contoso
  • is:pr sidebar in:comments : Pull requests where "sidebar" is mentioned in the comments
  • is:open is:issue label:bug -linked:pr : Open issues labeled as bugs that do not have a linked pull request

Account types

  • Personal
  • Organization
  • Enterprise

Plans

  • GitHub Free for personal accounts and organizations
  • GitHub Pro for personal accounts
  • GitHub Team
  • GitHub Enterprise

more info here

General features

  • Copilot (AI)
  • Codespaces (VM & storage tied to an editor extension)
  • Projects (Boards (Kanban), Data, Insight (metrics), Automation (API, GitHub Actions))
  • InnerSource -> applying open-source practices to private enterprise repositories

Security features

  • Security policy in SECURITY.md
  • Security advisories to discuss or fix a vulnerability
  • .gitignore to avoid committing sensitive files
  • Branch protection rules
  • CODEOWNERS files to designate owners, placed at the repo root, in .github, or in the docs folder
  • Dependency scanning (Dependabot)
  • Code scanning (CodeQL)
  • Secret scanning

Authentication

Authentification

  • Login / passwd

  • Token (PAT : personal access token)

  • SSH keys

  • Deploy key (SSH single repo)

  • 2 Factors (TOTP)

  • SAML SSO (with SCIM, System for Cross-domain Identity Management, and an Identity Provider (IdP))

  • LDAP

Trunk-based development workflow

  • Create a branch
  • Add commits
  • Open a pull request
  • Code review
  • Deploy
  • Merge

Permissions

  • Read : Recommended for non-code contributors who want to view or discuss your project. This level is good for anyone that needs to view the content within the repository but doesn't need to actually make contributions or changes.
  • Triage : Recommended for contributors who need to proactively manage issues and pull requests without write access. This level could be good for some project managers who manage tracking issues but don't make any changes.
  • Write : Recommended for contributors who actively push to your project. Write is the standard permission for most developers.
  • Maintain : Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
  • Admin : Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository. These people are repository owners and administrators.

more info

Basic commands

git status
git add # start keeping track of changes in certain files
git commit # save your work to a snapshot
git log
git help

Configuration, commit and push commands

git config --global user.email <mail>
git config --global user.name <name>
git add *
git commit -m "update MM-YYYY"
git push origin main

List branches

git branch

Show a file's history

git blame <file>

Create a pull request:

Click the Fork button in the web interface; you get a fork of the form

https://github.com/<YourUserName>/demo

Then clone your fork to work on it:

git clone https://github.com/<YourUserName>/demo

Once the changes are committed and pushed, use the Compare & pull request button on GitHub

Hooks

/!\ From a security standpoint, hooks can enable malicious actions and must be controlled

Stored in .git/hooks, they run code before or after a target event

Shebang on Windows: #!C:/Program\ Files/Git/usr/bin/sh.exe

Hooks are not committed by default; use the global settings

git config --global core.hooksPath '~/.githooks'

If there is a problem with the hooks

git commit --no-verify
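
One way to keep hooks under control is to list what Git would actually execute for a given repository. The script below is an added example, not part of the original notes; the function names `audit_hooks` and `list_active_hooks` and the output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the hooks Git would run.
# Output lines:  hookspath:<scope>:<value>  |  active:<path-to-hook>

list_active_hooks() {
    # Git only runs hook files that are executable; the *.sample files
    # created by `git init` are inert until renamed.
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        case $f in *.sample) continue ;; esac
        echo "active:$f"
    done
}

audit_hooks() {
    repo=$1
    override=""

    # Global scope: the `git config --global core.hooksPath` setting.
    if command -v git >/dev/null 2>&1; then
        g=$(git config --global --get core.hooksPath 2>/dev/null || true)
        if [ -n "$g" ]; then echo "hookspath:global:$g"; override=$g; fi
    fi

    # Repository scope wins over global. Simplified parse of .git/config:
    # quoted values and include files are not handled.
    cfg="$repo/.git/config"
    if [ -f "$cfg" ]; then
        l=$(sed -n 's/^[[:space:]]*[Hh]ooks[Pp]ath[[:space:]]*=[[:space:]]*//p' "$cfg" | tail -n 1)
        if [ -n "$l" ]; then echo "hookspath:local:$l"; override=$l; fi
    fi

    # With an override set, .git/hooks is ignored entirely.
    case $override in
        "")     dir="$repo/.git/hooks" ;;
        "~/"*)  dir="$HOME/${override#??}" ;;   # strip the leading "~/"
        /*)     dir=$override ;;
        *)      dir="$repo/$override" ;;        # relative to the work tree root
    esac
    list_active_hooks "$dir"
    return 0
}

audit_hooks "${1:-.}"
```

Run it against a freshly cloned repository before the first commit or checkout: any `hookspath:local` line or unexpected `active:` entry deserves a read of the script it points to.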

Deleting history (could be improved)

git checkout --orphan latest_branch
git add -A
git commit -am "Init"
git branch -D main # delete the old main branch
git branch -m main # rename the current branch to main
git push -f origin main # force-push to the main branch
git gc --aggressive --prune=all # remove the old objects

Actions / Workflows

This workflow will build a .NET project, more information here

name: .NET

on:
  push:
    branches: [ "main" ]
    tags:
      - '*'
  pull_request:
    # tags is a push-only filter; pull_request accepts branches and paths
    branches: [ "main" ]

jobs:
  build:

    runs-on: windows-latest

    steps:
    - uses: actions/checkout@v3
    - name: Setup .NET
      uses: actions/setup-dotnet@v3
      with:
        dotnet-version: 8.0.x
    - name: Display dotnet version
      run: dotnet --version
    - name: Restore dependencies
      run: dotnet restore
    - name: Build
      run: dotnet build --no-restore
    - name: Publish
      run: dotnet publish -c Release -o ./publish
    - name: Upload artifacts
      uses: actions/upload-artifact@v2
      with:
        name: my-artifact
        path: ./publish/

Secrets management

They can be managed from Settings -> Security -> Secrets and variables.

They are then declared like this in the workflow file so they can be injected:

steps:
  - shell: pwsh
    env:
      SUPER_SECRET: ${{ secrets.SuperSecret }}
    run: |
      example-command "$env:SUPER_SECRET"

GitHub documentation

Secret scanning

  • Default: enable it in the Security options -> Secret scanning and push protection

  • Gitleaks: in the directory containing .git, run gitleaks detect -v
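
The same kind of check can run locally before a commit is created, as a pre-commit hook placed in the `~/.githooks` directory configured in the Hooks section. The script below is an added example, not part of the original notes and not a replacement for Gitleaks or push protection; the function names and the three rules are an illustrative assumption, and `git commit --no-verify` skips it.

```shell
#!/bin/sh
# Added example (not from the original page): minimal pre-commit secret check.
# The rules below are a small illustrative set, not a complete ruleset.

check_rule() {  # check_rule NAME REGEX TEXT -> prints and returns 1 on a match
    if printf '%s\n' "$3" | grep -Eq -e "$2"; then
        echo "blocked: $1"
        return 1
    fi
    return 0
}

# Reads a unified diff on stdin and inspects only the lines being added.
scan_added_lines() {
    # Keep "+..." lines, drop the "+++ b/file" headers.
    added=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' || true)
    rc=0
    check_rule private-key-header '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$added" || rc=1
    check_rule aws-access-key-id '(^|[^A-Z0-9])AKIA[0-9A-Z]{16}([^A-Z0-9]|$)' "$added" || rc=1
    check_rule github-pat 'ghp_[A-Za-z0-9]{36}' "$added" || rc=1
    return $rc
}

# When installed as ~/.githooks/pre-commit, scan what is staged for this commit.
if [ "${0##*/}" = "pre-commit" ]; then
    git diff --cached --unified=0 | scan_added_lines || {
        echo "commit refused: remove the secret from the staged changes" >&2
        exit 1
    }
fi
```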