fix(modules-1,15,17): onboarding step, make M15 gate actually catch the plant, M17 .env override
- M1: add a no-git "Get the course materials" step (download+unzip; clone noted as Module 8) so Part A's paths resolve without assuming git. URL flagged Verify-before-publish (swap to public host before publishing). - M15: security gate was failing OPEN on python3-only systems (bare `python`) and missing the UNTRACKED config.py, so the planted secret passed green. Now guards python3, fails CLOSED on any non-clean exit, and stages files so the planted SYNC_API_KEY + typosquat dep are actually caught. - M15: correct the false "Bandit flags the API key" claim (B105-107 need password-named ids); add an honest MD5 (B324) flaw so the SAST demo fires. Planted secret/deps preserved. - M17: require the .env loader to use setdefault so Part D's override demo works; explain precedence. Hardcoded "before" anti-pattern left intact. Closes #6 Closes #17 Closes #18 Closes #19 Closes #29 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
This commit is contained in:
@@ -137,6 +137,26 @@ purpose** so you recognize it later.
|
||||
- Python 3.10 or newer (`python --version` or `python3 --version` to check).
|
||||
- Your usual AI chat assistant, open in a browser tab.
|
||||
|
||||
### Get the course materials
|
||||
|
||||
Everything you'll run in this course lives in one repo. Grab it once, up front — no tools required
|
||||
beyond a web browser:
|
||||
|
||||
1. Open the course's home page — **`https://git.jpaul.io/justin/the-workflow-course`** — and use its
|
||||
**Download ZIP** (archive) link.
|
||||
2. Unzip it under your home directory so the course's `modules/` folder lands at
|
||||
`~/workflow-course/modules/`. (Rename the unzipped folder to `workflow-course` if your download
|
||||
named it something else.)
|
||||
|
||||
You now have every module's files locally, including this one's under
|
||||
`modules/01-the-copy-paste-problem/`.
|
||||
|
||||
> *A cleaner, **updatable** way to get the repo — `git clone` — arrives in **Module 8**, once you've
|
||||
> learned Git (Module 2). A one-time ZIP is all you need today; don't reach for `clone` yet.*
|
||||
|
||||
> *Verify-before-publish: confirm this download URL points at the published course host before
|
||||
> shipping.*
|
||||
|
||||
### Part A — Stand up the project
|
||||
|
||||
1. Make a working directory and copy in the starter app from this module's `lab/starter/` folder:
|
||||
|
||||
Reference in New Issue
Block a user