tags:

views:

333

answers:

4
+3  Q: 

Using github to host public git repositories whilst ensuring that sensitive data files remain untracked

My app is hosted on Heroku and I have a public github repo too.

My app has a config file containing my amazon S3 credentials. It's important to ensure that the file gets pushed to heroku but not github.

So I was thinking that I could push my master branch to heroku and create a seperate github branch and ensure that it's .gitignore file references my s3.yml file. I could then just do "git push origin github:master" to push the github branch to github.com

This works fine for the first commit.

But then I switch to my master branch, write some awesome code and then push it all to heroku. I then switch back to my github branch and do "git merge master" so that the new code gets added to it. But this causes the s3.yml and gitignore files from the master branch to get copied into the github branch. Cue head-to-desk banging session.

Is there any advice on ways to keep branches synched up whilst ensuring that untracked files remain untracked. Can I tell git not to merge in the unwanted S3.yml file and the different .gitignore file?

Am I flogging a dead horse here? I can't justify paying for a private github account yet but I imagine the answer will involve doing just that.... or switching to projectlocker

I'm hoping that this problem is just down to my crap git skills and that there is a way.... thanks in advance

EDIT::: The accepted answer is a great solution, but I've just found a new one that I like much more. Read about it here: http://docs.heroku.com/config-vars - those clever people at Heroku have an answer for everything... seriously awesome

+2  A: 

in SVN this is called 'ignoring files' so I assume it will be something similar in GIT - I don't use GIT so don't quote me on this, but I've found this reference on the GITHub website:

http://github.com/guides/ignore-for-git

Hope that helps

phalacee  2010-02-12 06:35:35
I've been using the method detailed on that link for a some time now, but thanks anyway :)
stephenmurdoch  2010-02-12 07:31:58
A: 

If you use a branch named heroku as your "alternative master" branch (with sensitive data) and your old master branch without the sensitive data, then you could always do

git merge master

So you can push heroku branch to heroku not the master branch.

Vili  2010-02-12 06:41:07
thanks but this still results in the same problem. if I develop in the new heroku branch, I will always need to merge the changes into the master (github) branch, which means that the config files get copied over and if I develop on the master branch, then I need to have the config files available as otherwise my app won't work during development. Thanks though.
stephenmurdoch  2010-02-12 07:42:40
+5  A: 

But this causes the s3.yml and gitignore files from the master branch to get copied into the github branch

You can avoid that with a custom merge driver which will make sure to the .gitignore file of the github branch will always retain its content over the one merged from master.

See How do I tell git to always select my local version for conflicted merges on a specific file?

VonC  2010-02-12 06:55:17
Thanks! The custom merge driver is exactly what I wanted! Nice write-up by the way.
stephenmurdoch  2010-02-12 07:34:12
Note that this might not do what you want -- the head of the branch will have the correct file in it, but if you did a merge using Git then the head commit will have two parents, both accessible. One will be from your github branch and the other from the master branch, still containing your passwords.
Andrew Aylett  2010-05-13 19:18:36
+1  A: 

You could maybe move the "dangerous" files away from git entirely - eg have them in ~/.yourapp or something like that. (that doesn't really answer the question directly but its what lots of software does - .fetchmail, .ssh, ...) and would permit other users to do the same.

Ben Clifford  2010-02-12 08:20:11

related questions

How to have two remote orgins for Git?
Why is branching and merging easier in Mercurial than in Subversion?
Is there a better way of writing a git pre-commit hook to check any php file in a commit for parse errors ?
Bug tracker setup with Git integration?
Does git have anything like `svn propset svn:keywords` or pre-/post-commit hooks?
git-stash vs. git-branch
Git "bad sha1 file" error
Should I use GitHub+Fogbugz or Assembla?
How do you remove a specific revision in the git history?
How do you organise multiple git repositories?
What is the Difference Between Mercurial and Git?
How do I restore files to previous states in git?
Is there anything like TortoiseCVS and TortoiseSVN for git?
Good Git repository viewer for Mac
Deploying a Git subdirectory in Capistrano
How to "unversion" a file in either svn and/or git
How can I graph the Lines of Code history for git repo?
Switch branch names in git
Migrating to GIT
How can I set up an editor to work with Git on Windows?
How do you deal with configuration files in source control?
Undoing a git reset --hard HEAD~1
Version Control. Getting started...
Why is Git better than Subversion?
Distributed source control options