Skip to content

Instantly share code, notes, and snippets.

View joshjohanning's full-sized avatar
:octocat:

Josh Johanning joshjohanning

:octocat:
136 followers · 68 following
View GitHub Profile
@joshjohanning
joshjohanning / rewriting-history.md
Created March 27, 2024 15:32 — forked from robandpdx/rewriting-history.md

Rewriting repository history

Sometimes history rewrites are required in order to migrate repositories into github.com. Several factors can dictate the need to rewrite history of a repository:

  • objects larger than 100Mb
  • commits larger than the 2GB push limit

Although rewriting history might not be required for your repository to migrate to github.com, you may consider rewriting history for several reasons:

  • migrate large objects to LFS
  • cleanup previous mistakes or bad practices that caused repo bloat
  • remove secrets from repo history
@joshjohanning
joshjohanning / pipeline.yml
Created October 3, 2023 16:51
GitHub Advanced Security in Azure DevOps
trigger:
- main
pool:
vmImage: windows-latest
variables:
advancedsecurity.codeql.querysuite: security-extended
advancedsecurity.submittoadvancedsecurity: true
@joshjohanning
joshjohanning / dependency-review.yml
Created October 2, 2023 16:23
dependency-review.yml
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
@joshjohanning
joshjohanning / 1-orgs-archetype.md
Created July 19, 2023 18:34 — forked from whatupfoo/1-orgs-archetype.md
Orgs and Teams Best Practices

Organization archetypes

The intention of this document is to provide some guidance and suggestions to customers who are wondering how they should structure organizations and teams in their GitHub Enterprise environment. The idea isn't to give hard and fast rules on which approach is better than the other, but to give examples of when one approach might be preferable to another depending on the use case.

1. A single organization with direct organization membership for repository access (not teams)

          ________________
          |     Org      |
          |    ______    |
          |   |      |\  |

| | Repo | \ |

@joshjohanning
joshjohanning / deploy.yml
Last active June 25, 2023 23:29
Extracting, replacing values, and re-signing iOS app (IPA)
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: ipa-output
# TODO: set up build certificates and provisioning profiles - see note below
- name: extract ipa
run: |
unzip -q -o -d ${{ runner.temp }}/app ${{ github.workspace }}/$APPNAME.ipa
rm ${{ github.workspace }}/$APPNAME.ipa
@joshjohanning
joshjohanning / backup-utils-ssh-agent.sh
Created June 19, 2023 20:04
Using SSH Agent with GitHub's backup-utils
eval "$(ssh-agent -s)"
pass=$(az keyvault secret show --vault-name josh-key-vault-test --name passphrase --query value -o tsv)
# sudo yum install -y expect
expect << EOF
spawn ssh-add /home/codespace/.ssh/id_rsa
expect "Enter passphrase"
send "$pass\r"
expect eof
@joshjohanning
joshjohanning / terraform-plan.yml
Created May 24, 2023 14:52
terraform plan in github acitons
name: terraform plan # this doesn't show up in ui
on:
workflow_call:
inputs:
runs-on:
description: Platform to execute on
type: string
default: ubuntu-latest
additional-args:
@joshjohanning
joshjohanning / dependency-review.yml
Created April 25, 2023 17:46
A required workflow for using dependency-review-action
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
@joshjohanning
joshjohanning / exaple-sbom.json
Created April 24, 2023 17:46
example sbom
{
"SPDXID": "SPDXRef-DOCUMENT",
"spdxVersion": "SPDX-2.3",
"creationInfo": {
"created": "2023-04-24T17:02:08Z",
"creators": [
"Tool: GitHub.com-Dependency-Graph"
]
},
"name": "com.github.joshjohanning-org/ghas-demo",
@joshjohanning
joshjohanning / gitlab-export-group-members.sh
Created March 31, 2023 18:50
export group members from gitlab
#!/bin/bash
# usage:
# ./gitlab-export-users-in-group.sh 2 > users.csv
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <group_id> - obtain from the overview page of your group"
exit 1
fi