danguera / security-strategy-essentials

https://lab.github.com/githubtraining/security-strategy-essentials
MIT License

Add wolverine octocat to game #7

Closed github-learning-lab[bot] closed 2 years ago

github-learning-lab[bot] commented 2 years ago

Game update

By popular demand, this pull request adds the wolverine image to the game:

xtocat

github-learning-lab[bot] commented 2 years ago

Removing sensitive information

A contributor opened a pull request to add a new image to the memory game. However, it appears that this contributor also committed a sensitive .env file that shouldn't be included. Contributors may commit sensitive information by accident or on purpose without knowing the consequences of these actions.

Before we approve this pull request and merge it in, we need to remove this sensitive .env file from the pull request.

Step 8: Remove sensitive data in a pull request

We can do this by cloning this repository to our computer, and then running a few local Git commands before pushing up a fix on the contributor's branch on GitHub.

  1. Clone this repository locally by running `git clone https://github.com/danguera/security-strategy-essentials.git`
  2. Change into your newly cloned repository with `cd security-strategy-essentials`
  3. Check out the contributor's branch with `git checkout add-wolverine-image`
  4. Remove the unwanted commit that introduced the `.env` file with a rebase. You can do this with `git rebase -i main` and then remove the entire commit so only the `Add wolverine image to game` commit remains.
  5. Run `git push -f` to force push your changes to the branch on GitHub

I'll respond below when you push up a fix to remove the `.env` file.

github-learning-lab[bot] commented 2 years ago

Nice job removing that .env file!

Notice that the commit has been removed from the pull request and that the file no longer persists in the "files changed" tab. You may need to refresh your page to see the previous commits disappear.

However, even though we removed the commit, the historical reference to this commit can still be found if you know the commit id. In a real world situation, you'll need to contact GitHub Support to perform the following:

For our situation, we can skip contacting GitHub Support for this example! :smile:

Now that the sensitive information has been removed, let's now approve this contributor's pull request.

Step 9: Approve the pull request

  1. Approve this pull request.

I'll respond below when I see your approval.
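The rebase from Step 8 and the bot's remark that the removed commit can still be found by its id, as an added example that is not part of this thread or the course. It assumes a constructed throwaway repository instead of a clone, drives `git rebase -i main` through `GIT_SEQUENCE_EDITOR` rather than an editor session, and skips the force push because there is no remote; the function names, file contents and key value are made up. The last check reads the dropped commit from the local object store, which is the local counterpart of what the bot describes on GitHub.

```shell
#!/bin/sh
# Added example: throwaway repo; file contents and the key value are constructed.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# commit_file REPO PATH CONTENT MESSAGE
commit_file() {
  printf '%s\n' "$3" > "$1/$2"
  git -C "$1" add -- "$2"
  git -C "$1" commit -q -m "$4"
}

# Build main plus add-wolverine-image, with the unwanted .env commit first.
make_demo_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" symbolic-ref HEAD refs/heads/main
  commit_file "$repo" README.md "memory game" "Initial commit"
  git -C "$repo" checkout -q -b add-wolverine-image
  commit_file "$repo" .env "API_KEY=constructed-placeholder" "Add .env"
  commit_file "$repo" wolverine.txt "image stand-in" "Add wolverine image to game"
  printf '%s\n' "$repo"
}

# Step 4 without an editor: delete the "pick" line of commit $2 from the todo list.
drop_commit() {
  short=$(printf '%.7s' "$2")
  GIT_SEQUENCE_EDITOR="sed -i.bak -e '/^pick $short/d'" \
    git -C "$1" rebase -q -i main
}

# Number of commits reachable from any branch or HEAD that touch .env.
env_commits_on_refs() {
  git -C "$1" log --all --format=%H -- .env | wc -l | tr -d ' '
}

# The dropped commit is off every branch but still readable by its id.
read_env_by_id() {
  git -C "$1" show "$2:.env"
}

demo() {
  r=$(make_demo_repo)
  bad=$(git -C "$r" rev-parse 'HEAD~1')
  drop_commit "$r" "$bad"
  echo "commits touching .env on refs: $(env_commits_on_refs "$r")"
  echo "still readable by commit id:   $(read_env_by_id "$r" "$bad")"
  rm -rf "$r"
}
demo
```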

danguera commented 2 years ago

.env file has been removed

github-learning-lab[bot] commented 2 years ago

Nice job removing that .env file and approving the game update from a contributor!

With your approval, I merged in the pull request!


Let's now learn about adding a .gitignore file in your next pull request.