Crawl/nowakfli/ex8 security secrets hygiene #127
Closed
nowakfli wants to merge 14 commits into
GHCP — Crawl: Ex0 bootstrap
GHCP — Crawl: Ex1 repo-orientation
…eline GHCP — Crawl: Ex2 build-test-baseline
GHCP — Crawl: Ex3 tiny-refactor
…sync GHCP — Crawl: Ex4 documentation-sync
Contributor
Pull request overview
This PR expands the “crawl” exercise materials while also tightening the Python sample app’s input validation and adding documentation around security hygiene, dependencies, and basic benchmarking.
Changes:
- Added .gitignore rules and new security docs aimed at preventing accidental commits of secrets/cert artifacts.
- Improved book-app robustness with year parsing helpers, CLI input validation, and BookCollection.add_book() validation.
- Added/expanded pytest coverage for utils and validation behavior, plus new “ai-track-docs” operational docs (build/test, perf baseline, system overview).
Reviewed changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| samples/book-app-project/utils.py | Adds docstrings plus parse_year() and safer year handling in get_book_details(). |
| samples/book-app-project/tests/test_utils.py | Adds unit tests for parse_year() / get_book_details(). |
| samples/book-app-project/tests/test_books.py | Adds tests for BookCollection.add_book() validation and CLI error output. |
| samples/book-app-project/pyproject.toml | Pins pytest to >=8,<9. |
| samples/book-app-project/books.py | Adds input validation in BookCollection.add_book(). |
| samples/book-app-project/book_app.py | Adds early CLI validation for title/author/year. |
| samples/book-app-project/benchmark_list_books.py | Introduces a micro-benchmark for list_books(). |
| ai-track-docs/SYSTEM-OVERVIEW.md | New repo/system overview doc for the AI track. |
| ai-track-docs/security.md | New “secret hygiene” note explaining ignore rules and checks. |
| ai-track-docs/perf-baseline.md | New perf baseline write-up referencing the benchmark script. |
| ai-track-docs/extending-utils.md | New guidance doc for extending utils.py. |
| ai-track-docs/dependencies.md | New dependency policy notes (Python sample). |
| ai-track-docs/build-test.md | New build/test command reference for the Python sample. |
| ai-track-docs/architecture.mmd | Adds a Mermaid architecture diagram (currently placeholder). |
| .gitignore | Adds ignore patterns for common key/cert/secret artifacts. |
| .copilot-track/crawl/README.md | Adds Crawl track process/guardrails documentation. |
Comment on lines +116 to +117
| - Input functions return validated data to the main application logic</content> | ||
| <parameter name="filePath">c:\crawl-walk-run\copilot-cli-for-beginners-mnf\ai-track-docs\extending-utils.md No newline at end of file |
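Review bot: lines +116 and +117 end the document with tool-call residue instead of prose: a stray `</content>` is glued to the last bullet, and the next line is a `<parameter name="filePath">` tag carrying an absolute local Windows path. Remove both so the file ends at "...to the main application logic", and add the missing trailing newline. A workstation path is not a credential, but it is the kind of accidental artifact a hygiene-focused PR should not ship.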
Comment on lines +37 to +40
| ### Run Tests with Coverage Report | ||
| ```bash | ||
| cd samples/book-app-project | ||
| pytest tests/ --cov=. --cov-report=term-missing |
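Review bot: the command at +40 uses `--cov` and `--cov-report`, which come from the pytest-cov plugin rather than pytest itself, and the lines shown do not tell the reader to install it. The PR's file summary mentions only a pytest pin in pyproject.toml, so either declare pytest-cov alongside it or add an install step above this command; on a clean environment pytest will otherwise stop with an unrecognized-arguments error.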
Comment on lines +7 to +27
| def run_benchmark(iterations: int = 10000, book_count: int = 1000) -> dict[str, float]: | ||
| collection = BookCollection() | ||
| collection.books = [ | ||
| Book(title=f"Book {index}", author="Benchmark Author", year=2000 + (index % 20)) | ||
| for index in range(book_count) | ||
| ] | ||
|
|
||
| samples = [] | ||
| for _ in range(iterations): | ||
| start = time.perf_counter() | ||
| collection.list_books() | ||
| samples.append((time.perf_counter() - start) * 1_000_000) | ||
|
|
||
| return { | ||
| "iterations": iterations, | ||
| "book_count": book_count, | ||
| "mean_us": statistics.mean(samples), | ||
| "median_us": statistics.median(samples), | ||
| "min_us": min(samples), | ||
| "max_us": max(samples), | ||
| } |
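Review bot: the sampling loop wraps a single `collection.list_books()` call in two `time.perf_counter()` reads, so for a call this cheap the timer's own overhead and resolution are part of every sample and will skew `min_us` and `mean_us`. Time a batch of calls per sample (or use `timeit`) and divide by the batch size. Also note that the setup assigns `collection.books` directly, which bypasses the `add_book()` validation this PR adds; a one-line comment saying the bypass is deliberate for benchmarking would prevent it being copied elsewhere.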
| import os | ||
| sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) | ||
|
|
||
| import pytest |
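Review bot: the `sys.path.insert(0, ...)` on the second line makes this test module's imports depend on a path hack that runs at collection time and sits in the middle of the import block. Configure the import root once instead, for example with pytest's `pythonpath` ini option in pyproject.toml (available in the pinned pytest >=8), and drop the `os`/`sys` path manipulation from the test file.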
Comment on lines +2 to +14
| A["Placeholder: System Component A"] --> B["Placeholder: Component B"] | ||
| B --> C["Placeholder: Component C"] | ||
| C --> D["Database"] | ||
| A --> E["External Service"] | ||
|
|
||
| style A fill:#e1f5ff | ||
| style B fill:#e1f5ff | ||
| style C fill:#e1f5ff | ||
| style D fill:#fff3e0 | ||
| style E fill:#f3e5f5 | ||
|
|
||
| classDef placeholder fill:#e0e0e0,color:#424242 | ||
| class A,B,C,D,E placeholder |
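Review bot: every node has its fill set twice, first by the per-node `style A fill:...` through `style E fill:...` lines and then by `class A,B,C,D,E placeholder`, which assigns a different fill to the same nodes. Keep one mechanism so the rendered colours are predictable. The node labels are also still "Placeholder: ..." text, so the diagram documents no real component; either name the actual book-app modules or hold the file back until it has content.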
Comment on lines +1 to +5
| # Security Notes | ||
|
|
||
| ## Scope | ||
|
|
||
| This note covers secret hygiene for the course repository, with emphasis on preventing accidental commits of local credentials and certificate material. |
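Review bot: the Scope paragraph at +5 limits the note to preventing accidental commits, and the lines shown say nothing about a secret that is already tracked or already in history, which ignore rules do not affect. Add one sentence to Scope stating whether that case is covered here, and if it is not, that a committed credential has to be rotated rather than just ignored.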
Collaborator
Thank you, but this isn’t something we’re looking to add to the course right now, so going to close this PR.
No description provided.