Remove all history in ccf-app-samples repo

[ross-p-smith]

The https://github.com/microsoft/ccf-app-samples/ repository has previously had certificates stored inside it for the demo. These were replaced by dynamically creating the certificates as part of the demo.

However this means the certs are in the git history and this means it is problematic to fork this repository to Azure DevOps.

I think we should squash the commits before and after the certs being added now before we iterate further.

[takuro-sato]

@ross-p-smith
I force pushed the squashed history to main.
Could you check if you can fork it now?

[ross-p-smith]

Same thing -

[ross-p-smith]

Unfortunately, I think we have to be a bit more brutal: - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository

[ross-p-smith]

We could try

• create temporary orphan branch e.g. main-temp
• do PR from main to main-temp with squash
• rename main to main-old
• rename main-temp to main
• delete all other branches

[takuro-sato]

Both of the link and the way suggested sound good to try.
Before I actually try, could you tell me how I can reproduce the error so that I can do quick try and error?

I tried:

• Create an Azure DevOps project
• Use "Import repository" for current main of ccf-app-samples in GitHub.

But I could simply import it. Do I need some setting?

[ross-p-smith]

Maybe it's an AzureDevOps linked to the MSFT tenant as credscan is setup on it. I've just tried it again and it fails. Was the Azure DevOps that you created a personal one?

[takuro-sato]

I see.
My account -> Microsoft's one
Project -> Created with the above account and default settings.

[takuro-sato]

I tried bfc and ten force pushed.
@ross-p-smith Could you try to import it again?

I got errors for updating PR refs (deny updating a hidden ref), but I see that the files are gone from the history of main.
If it doesn't work, I'll try to resolve the errors.

takurosato@LAPTOP-5I4F12NJ:~/Projects/CCF/repo/ccf-app-samples.git$ java -jar ~/bfg.jar --delete-files '{set_user0.json,set_user1.json,user0_cert.pem,user0_privk.pem,user1_cert.pem,user1_privk.pem}'

Using repo : /home/takurosato/Projects/CCF/repo/ccf-app-samples.git

Found 39 objects to protect
Found 23 commit-pointing refs : HEAD, refs/heads/main, refs/pull/10/head, ...

Protected commits
-----------------

These are your protected commits, and so their contents will NOT be altered:

 * commit 5817aca7 (protected by 'HEAD')

Cleaning
--------

Found 130 commits
Cleaning commits:       100% (130/130)
Cleaning commits completed in 264 ms.

Updating 21 Refs
----------------

        Ref                 Before     After   
        ---------------------------------------
        refs/pull/10/head | e9fad6c6 | bbedbb18
        refs/pull/11/head | ac99e48f | 6ce8b7fd
        refs/pull/12/head | 0c75d0c6 | 3869fcc4
        refs/pull/13/head | ba37374c | 0b1d4f9b
        refs/pull/16/head | a2b350b2 | c930fcd2
        refs/pull/19/head | 20ecc552 | b7f623e1
        refs/pull/20/head | 60eae65c | ee37bfdb
        refs/pull/21/head | 5a2ae178 | 519ab49b
        refs/pull/22/head | 6f90abee | fe7aa39a
        refs/pull/24/head | 5c8782b0 | 1a381c6f
        refs/pull/25/head | 47b30668 | f956f7f0
        refs/pull/31/head | 0cd9e995 | d3b75dfc
        refs/pull/33/head | 6f2ca657 | ef9d1cd7
        refs/pull/34/head | 0cd28ed2 | 25715c75
        refs/pull/36/head | b9481981 | d95f7cac
        ...

Updating references:    100% (21/21)
...Ref update completed in 43 ms.

Commit Tree-Dirt History
------------------------

        Earliest                                              Latest
        |                                                          |
        ..DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDmDmmmmmmmmmmmmmmmmmmDmmmmmm

        D = dirty commits (file tree fixed)
        m = modified commits (commit message or parents changed)
        . = clean commits (no changes to file tree)

                                Before     After   
        -------------------------------------------
        First modified commit | 5ef802e9 | 66f5f5b4
        Last dirty commit     | 4600c79a | 593dcfa1

Deleted files
-------------

        Filename          Git id                              
        ------------------------------------------------------
        set_user0.json  | 681452b6 (764 B ), 19e32c4e (802 B )
        set_user1.json  | eb77e737 (802 B ), f9e086ec (764 B )
        user0_cert.pem  | 0dfd546c (648 B )                   
        user0_privk.pem | 08307963 (359 B )                   
        user1_cert.pem  | 374255bd (648 B )                   
        user1_privk.pem | 843163e6 (359 B )                   


In total, 183 object ids were changed. Full details are logged here:

        /home/takurosato/Projects/CCF/repo/ccf-app-samples.git.bfg-report/2022-11-21/13-57-51

BFG run is complete! When ready, run: git reflog expire --expire=now --all && git gc --prune=now --aggressive

takurosato@LAPTOP-5I4F12NJ:~/Projects/CCF/repo/ccf-app-samples.git$ git push --force
Enumerating objects: 358, done.
Counting objects: 100% (358/358), done.
Delta compression using up to 8 threads
Compressing objects: 100% (122/122), done.
Writing objects: 100% (358/358), 65.54 KiB | 65.54 MiB/s, done.
Total 358 (delta 213), reused 358 (delta 213)
remote: Resolving deltas: 100% (213/213), completed with 32 local objects.
To https://github.com/microsoft/ccf-app-samples.git
 ! [remote rejected] refs/pull/10/head -> refs/pull/10/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/11/head -> refs/pull/11/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/12/head -> refs/pull/12/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/13/head -> refs/pull/13/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/16/head -> refs/pull/16/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/19/head -> refs/pull/19/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/20/head -> refs/pull/20/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/21/head -> refs/pull/21/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/22/head -> refs/pull/22/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/24/head -> refs/pull/24/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/25/head -> refs/pull/25/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/31/head -> refs/pull/31/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/33/head -> refs/pull/33/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/34/head -> refs/pull/34/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/36/head -> refs/pull/36/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/37/head -> refs/pull/37/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/40/head -> refs/pull/40/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/42/head -> refs/pull/42/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/44/head -> refs/pull/44/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/7/head -> refs/pull/7/head (deny updating a hidden ref)
 ! [remote rejected] refs/pull/9/head -> refs/pull/9/head (deny updating a hidden ref)
error: failed to push some refs to 'https://github.com/microsoft/ccf-app-samples.git'

[takuro-sato]

According to rtyley/bfg-repo-cleaner#36 (comment), deny updating a hidden ref shouldn't be a problem.

[takuro-sato]

We confirmed that the current main (18bf65d) has no problem with CredScan .

The current main was made using bfg tool.
Note: Due to the bug of Azure DevOps, the import needs to be done with CLI (Create an empty repo in Azure DevOps then push the content of the repo using git command).