-
Notifications
You must be signed in to change notification settings - Fork 2
/
git.prolific
90 lines (63 loc) · 3.43 KB
/
git.prolific
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
I can easily push to/pull from GitHub on shared machines
[Generate an RSA key on your Yubikey, and configure your machine to use this RSA key when authenticating SSH sessions, and tell GitHub to accept this RSA key as a means of authentication](https://www.engineerbetter.com/blog/yubikey-ssh/).
## Acceptance
* Ensure your Yubikey is not plugged in
* Start a terminal session
* `ssh-add -l` - list keys loaded for SSH authentication
* Observe that no keys are loaded
* `git clone [email protected]:EngineerBetter/new-starters.git $HOME/workspace/new-starters`, which will require SSH authentication
* Observe authentication fail (because you have no keys loaded)
* Insert your Yubikey
* `git clone [email protected]:EngineerBetter/new-starters.git $HOME/workspace/new-starters` - try authenticating again
* Observe the PIN entry GUI
* Enter your PIN
* Observe the GUI disappear, and the `git clone` complete successfully
L: yubikey, git
---
I can prove commits with my name on were made by someone with my Yubikey
[Set up commit signing](https://www.engineerbetter.com/blog/yubikey-signed-commits/) so that Git commits are signed by your private key, meaning that you can prove that your Yubikey was present when they were made.
## Acceptance
* `mkdir $TMP/foo` - make a new directory
* `cd $TMP/foo` - change into directory
* `git init` - set directory up as a Git repository
* `touch file` - create a file
* `git add file` - stage the file
* `git commit -m "test"`
* Observe PIN entry GUI
* `git log --show-signature`
* Observe notes showing that the commit was signed
* (Ignore `WARNING: This key is not certified with a trusted signature!`, this is to do with whether you've told your computer that you've checked that the key that signed the commit really belongs to who it says it does.)
L: yubikey, git
---
My colleagues can easily make commits that show I was pairing with them
Install `git-duet` and follow instructions in the [`git-authors` repository](https://github.com/EngineerBetter/git-authors). Add your details to the `authors` file in the repository, and push the commit.
* Open a terminal
* `git-solo YOUR_INITIALS`
* Observe `GIT_AUTHOR_NAME` and `GIT_AUTHOR_EMAIL` being set to your details
* Visit https://github.com/EngineerBetter/git-authors/blob/master/authors
* Observe your commit was pushed
L: git
---
I can easily make commits that show who I was pairing with
Install `git-duet` and follow instructions in the [`git-authors` repository](https://github.com/EngineerBetter/git-authors).
## Acceptance
* Open a terminal
* `git-solo YOUR_INITIALS`
* Observe `GIT_AUTHOR_NAME` and `GIT_AUTHOR_EMAIL` being set to your details
* `git-duet YOUR_INITIALS SOMEONE_ELSES_INITIALS`
* Observe `GIT_AUTHOR_NAME` and `GIT_AUTHOR_EMAIL` being set to your details
* Observe `GIT_COMMITTER_NAME` and `GIT_COMMITTER_EMAIL` being set to the other person's details
* `git-solo YOUR_INITIALS` so it doesn't look like you're pairing when you're not
L: git
---
I am less likely to commit files I shouldn't
Follow the instructions in the [`gitignore` repo](https://github.com/EngineerBetter/gitignore). Please also condider keeping it up-to-date with additions that should be _universally_ ignored.
## Acceptance
* Open a terminal
* `mkdir $TMP/bar` - make a temporary directory
* `cd $TMP/bar` - change into the above
* `git init` - create a new repo
* `touch INSERT_FILE_FROM_GITIGNORE HERE` - create a file that we're supposed to ignore
* `git status`
* Observe no files to add
L: git