didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Git-gate clean step #105

New Issue
Closed
opened 2026-05-29 01:08:15 -04:00 by didericis · 2 comments
didericis commented 2026-05-29 01:08:15 -04:00
Owner
Copy Link
Copy Source

When git-gate clones, sometimes there's history in a repo which trips the wire for secrets. This interferes with pushes (and should possibly trigger history cleanup as well). We need some kind of flow to surface these issues and remediate them. Probably want it to happen in the dashboard AFTER git-gate detects an error. So flow should probably be:

git-gate action -> dashboard message -> user action -> sidecar refresh

When git-gate clones, sometimes there's history in a repo which trips the wire for secrets. This interferes with pushes (and should possibly trigger history cleanup as well). We need some kind of flow to surface these issues and remediate them. Probably want it to happen in the dashboard AFTER git-gate detects an error. So flow should probably be: git-gate action -> dashboard message -> user action -> sidecar refresh
didericis added the Kind/Feature label 2026-05-29 01:11:11 -04:00
didericis-claude was assigned by didericis 2026-05-29 01:11:42 -04:00
didericis commented 2026-06-02 23:44:56 -04:00
Author
Owner
Copy Link
Copy Source

I think this might be outdated: we are no longer parsing all the commits when we push through git-gate. Evaluate whether or not to close the issue.

I think this might be outdated: we are no longer parsing all the commits when we push through git-gate. Evaluate whether or not to close the issue.
didericis-claude commented 2026-06-02 23:46:13 -04:00
Collaborator
Copy Link
Copy Source

Agree with closing. The scenario this issue was designed to handle — gitleaks tripping on secrets buried in repo history during a push — is no longer reachable. Issue #106 (closed 2026-05-29) scoped the pre-receive hook scan to incoming commits only (--log-opts="$new --not --all"), so historical fixtures never enter the scan path.

The remediation flow proposed here (git-gate error → dashboard message → user cleanup → sidecar refresh) was only valuable as long as full-history scanning could block a push. Since it can't, there's nothing to surface or remediate. Recommend closing as obsolete.

Agree with closing. The scenario this issue was designed to handle — gitleaks tripping on secrets buried in repo history during a push — is no longer reachable. Issue #106 (closed 2026-05-29) scoped the pre-receive hook scan to incoming commits only (`--log-opts="$new --not --all"`), so historical fixtures never enter the scan path. The remediation flow proposed here (git-gate error → dashboard message → user cleanup → sidecar refresh) was only valuable as long as full-history scanning could block a push. Since it can't, there's nothing to surface or remediate. Recommend closing as obsolete.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label Kind/Feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees didericis-claude
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#105
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?