One does not commit or compile credentials
Context:
This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.
this post was submitted on 12 Jul 2024
367 points (97.4% liked)
Programmer Humor
20906 readers
1691 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
At my workplace, we use the string
@nocommitto designate code that shouldn't be checked in. Usually in a comment:but it can be anywhere in the file.
There's a lint rule that looks for
@nocommitin all modified files. It shows a lint error in dev and in our code review / build system, and commits that contain@nocommitanywhere are completely blocked from being merged.(the code in the lint rule does something like
"@no"+"commit"to avoid triggering itself)This sounds like a really useful solution, how do you implement something like this? Especially with linter integration
Depending on which stack you’re using, you could use https://danger.systems to automatically fail PRs.
PRs? Isn't the point of
@nocommitthat something does not get committed, and therefore no credentials are stored in the git repository? Even if the PR does not get merged, the file is still stored as a hit object and can be restored.I read the lint part and my brain forgot about everything else. You could stick the danger call in a pre commit hook though.