Core Track: Guardrails-first chapter in the core learning path.

Estimated Time

  • Reading: 20-25 min
  • Lab: 45-60 min
  • Quiz: 10-15 min

Prerequisites

Source Code References

  • .coderabbit.yml
  • .pre-commit-config.yaml
  • terraform-hcloud-destroy.yml
  • terraform-hcloud.yml

What You Will Produce

A reproducible lab result plus quiz verification and incident-safe operating evidence.

Core Exercises (Required)

  1. Test Local Hooks: Try to commit a dummy file named kubeconfig.yaml and observe the block-secrets hook in action.
  2. PR Validation: Open a pull request with an intentional YAML syntax error in a Flux manifest. Identify which CI job catches the error first.
  3. Review AI Output: Analyze a CodeRabbit review comment on one of your PRs. Identify at least one pattern or “KISS” principle violation it flagged.
  4. Concurrency Test: Manually trigger two overlapping workflow runs for the same environment. Verify that the concurrency group correctly manages their execution.

Challenge Exercise (Optional)

Hook Bypass Detection Trace: Deliberately bypass all local hooks using --no-verify, push to a feature branch, and document which CI layer catches the violation first. Trace the full detection path from push to pipeline failure.

Done When

You have completed this chapter when:

  • You can explain the “Layered Defense” model and why each layer is necessary.
  • You have successfully installed and triggered pre-commit hooks locally.
  • You can trace the path of a change from workstation to cluster apply.
  • You understand how to verify and approve a Terraform plan within GitHub Actions.
  • You can describe the role of CodeRabbit in the automated review process.

Knowledge Check

Before finishing this chapter, complete the Quiz to verify your understanding of the guardrail principles.