From 0cfa957c81f70ac2d4577aa0e47d911be3d05f5d Mon Sep 17 00:00:00 2001 From: Yoav Kleinberger Date: Mon, 25 May 2026 21:34:44 +0300 Subject: [PATCH 1/5] guidance: on setup --- guideance/setup.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 guideance/setup.md diff --git a/guideance/setup.md b/guideance/setup.md new file mode 100644 index 0000000..569bec1 --- /dev/null +++ b/guideance/setup.md @@ -0,0 +1,30 @@ +# On Setup + +## Basics + +* Learn touch typing. +* Use scaffolding for bootstraping your project, e.g. `cookiecutter`. Good for standardizing your organization's projects and saving time on setup. +* Never write wikis, always scripts. +* Get your minimal hooks set up from the start with your CI. + * tests, linters, formatters. +* Use pull requests from the start. +* If reasonable, use a build system, `make` or `rake` or `just`. +* Know your ecosystem, e.g. `uv` for Python, `cargo` for Rust, `npm` for node, etc. + * use lock-files for reproducible builds. + * Save artifacts tagged by commit hash. + * Leverage ecosystem documentation. + +## Security + +* Know what secrets are +* Scan for accidentally committed secrets with a pre-commit hook (e.g. `gitleaks`, `truffleHog`). +* Audit your dependencies for known vulnerabilities. Automate it in CI. +* DO NOT BE LAZY with root-level permissions. Use the principle of least privilege. +* Use vaults for secrets management, e.g. `vault` or `aws secrets manager`. + +## Advanced + +* Use docker for a full working environment. +* Everything should be text based. +* Use mock services for E2E tests. +* Use infrastructure-as-code even for small projects (terraform, CloudFormation). "I'll do it properly later" never happens. From 1b9fc79d401bd736efbbf5a1912b6c1047876fa0 Mon Sep 17 00:00:00 2001 From: Yoav Kleinberger Date: Mon, 25 May 2026 21:40:08 +0300 Subject: [PATCH 2/5] fix --- guideance/setup.md | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/guideance/setup.md b/guideance/setup.md index 569bec1..6c920b2 100644 --- a/guideance/setup.md +++ b/guideance/setup.md @@ -13,6 +13,12 @@ * use lock-files for reproducible builds. * Save artifacts tagged by commit hash. * Leverage ecosystem documentation. +* For a very lean project, the README lists + * one liner for setting up the project + * one liner for running tests + * minimal further explanations + * expand this only when actually needed: e.g. team members cannot onboard without it. +* Story Tests are the ultimate user guide ## Security From ac9e29b718e046725f6518e0d9ee783c9e49c558 Mon Sep 17 00:00:00 2001 From: Yoav Kleinberger Date: Mon, 25 May 2026 21:42:59 +0300 Subject: [PATCH 3/5] modernize github actions --- .github/workflows/linters.yaml | 2 +- .github/workflows/publish.yaml | 2 +- .github/workflows/tests.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml index c838cf3..68cb4d8 100644 --- a/.github/workflows/linters.yaml +++ b/.github/workflows/linters.yaml @@ -10,7 +10,7 @@ jobs: uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '3.13' - name: install poetry run: curl -sSL https://install.python-poetry.org | python - - name: install myself diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index fc1f08a..4fec2bc 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -12,7 +12,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '3.13' - run: ls - name: install poetry run: curl -sSL https://install.python-poetry.org | python - diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 997dcef..667a53b 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml 
@@ -3,13 +3,13 @@ on: pull_request: jobs: Unit-Tests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - name: check out our code uses: actions/checkout@v3 - uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '3.13' - name: install poetry run: curl -sSL https://install.python-poetry.org | python - - name: install myself From 50d30c9ec76ac4173bac16dd4c7769c1d1ea3d20 Mon Sep 17 00:00:00 2001 From: Yoav Kleinberger Date: Mon, 25 May 2026 21:44:08 +0300 Subject: [PATCH 4/5] fix --- guideance/setup.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guideance/setup.md b/guideance/setup.md index 6c920b2..5e53f5d 100644 --- a/guideance/setup.md +++ b/guideance/setup.md @@ -3,6 +3,7 @@ ## Basics * Learn touch typing. +* Understand the shell, do a basics `bash` course. * Use scaffolding for bootstraping your project, e.g. `cookiecutter`. Good for standardizing your organization's projects and saving time on setup. * Never write wikis, always scripts. * Get your minimal hooks set up from the start with your CI. From 82606f10320b5d70a9a9c0fc61290fe82f7cd66f Mon Sep 17 00:00:00 2001 From: Yoav Kleinberger Date: Mon, 25 May 2026 21:51:03 +0300 Subject: [PATCH 5/5] lnf --- {guideance => guidance}/setup.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {guideance => guidance}/setup.md (100%) diff --git a/guideance/setup.md b/guidance/setup.md similarity index 100% rename from guideance/setup.md rename to guidance/setup.md
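Review bot: In the Security section of patch 1/5 (guideance/setup.md), the secret-scanning bullet relies on a pre-commit hook alone, which runs only on the contributor's machine and is skipped by `git commit --no-verify` or by anyone who never installed the hook. Suggest extending the bullet to also run the same scanner in CI, as the next bullet already does for dependency audits ("Automate it in CI"). "Know what secrets are" is also missing its full stop and would be more useful with a few examples, such as API keys, tokens and private keys.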
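Review bot: In patch 2/5, the added bullet "Story Tests are the ultimate user guide" uses a term the document never defines, and it lacks the full stop the other top-level bullets carry. Suggest a one-line definition or a link, and moving "expand this only when actually needed" out of the list of README contents, since it qualifies that list rather than being an item in it.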
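Review bot: In the linters.yaml hunk of patch 3/5, the unchanged step `run: curl -sSL https://install.python-poetry.org | python -` still downloads and executes an installer with no version pin or integrity check, so two runs of the same commit can end up with different Poetry versions. Since this commit is about modernizing the workflows, consider pinning the Poetry version here, in line with the guidance's own "use lock-files for reproducible builds"; the same step appears in the publish.yaml and tests.yaml hunks.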
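Review bot: In the publish.yaml hunk of patch 3/5, `uses: actions/checkout@v3` is left unchanged although linters.yaml already uses `actions/checkout@v4` and the subject is "modernize github actions"; the tests.yaml hunk has the same leftover. Suggest bumping both to v4 in this commit, and for the publish workflow in particular consider pinning actions to a full commit SHA rather than a movable tag. The `- run: ls` step looks like debugging residue and could be dropped.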
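Review bot: In patch 4/5, the added bullet reads "do a basics `bash` course", which should be "a basic `bash` course". The context line below it still carries "bootstraping" (for "bootstrapping") from patch 1/5, so both are worth fixing while this list is being touched.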
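Review bot: Patch 5/5 renames guideance/ to guidance/ only after patches 1/5, 2/5 and 4/5 have created and edited the file under the misspelled path, and its subject "lnf" does not say what it does. Suggest squashing the rename into patch 1/5 so the misspelled directory never enters history, or at least giving it a subject such as "rename guideance to guidance"; the bare "fix" subjects on patches 2/5 and 4/5 have the same problem.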