...
What you need is not to make additional commits, but to modify the commits you made.
Solution 1 (easy): Remove commits and close the PR
keep the PR open and do not delete the branch
create a local back up branch in case you want to cherry-pick commits later on
switch to the branch of the PR that has the sensitive data
make a commit to delete the sensitive data if you have not
| Expand | ||
|---|---|---|
| ||
After force pushing your branch, GitHub shows you the difference between the last commit made to the branch before force-pushing the branch and the latest commit of the branch after force-pushing, and those two commits are accessible. This means that if the last commit made to the branch before force-pushing has sensitive data, the sensitive data will still be visible on GitHub. |
push the branch
find a previous commit of the commit that added the sensitive data and copy the commit hash
hard-reset
Code Block git reset --hard <commit-hash>
force-push
Code Block git push -f
| Expand | ||
|---|---|---|
| ||
Situation: We have a PR that has two commits. The first commit has sensitive data. 
|
Solution 2 (advanced): Rewrite commits and keep the PR
create a local back up branch in case the branch is messed up
switch to the branch of the PR that has the sensitive data
make a commit to delete the sensitive data if you have not and push the branch (this is for the sensitive data not to show on GitHub after force-pushing)push the branch
rewrite commit history using
git rebase -i
(https://docs.github.com/en/get-started/using-git/using-git-rebase-on-the-command-line)force-push
...