Sometimes it happens that people accidentally push information from inside the organization to the public github repository. It could be hostname, ip address, proxy etc... This information could be somewhere in commit mesage and if reviewers see it, it's too late.
For this reason, I created a GitHook protection (short snippet running locally in your project) that warns you if it finds vulnerable information before you commit.
See the vulnerable commit message
Vulnerable commit
I invested a little time today in something like this:
SHELL := /bin/bash
init=@./make-tools --init -m "starting"
save=@./make-tools --message "saving value" --save
load=@./make-tools --debug --load
exists=@./make-tools -m "environment variable doesn't exist" --env-exists
# Options
| package test | |
| import ( | |
| "github.com/stretchr/testify/require" | |
| "k8gbterratest/utils" | |
| "testing" | |
| ) | |
| func TestMyDemo(t *testing.T) { | |
| const host= "terratest-failover.cloud.example.com" |
This checklist is consolidated from Tim Hawkin's "How To Be A Bad-Ass Code Reviewer" (KubeCon Contributor Summit, Nov 2019).
Out of scope: API review, KEP review