Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

On GitHub, when you create a pull request (PR) from a branch, you are able to view commit history even if you close the PR and delete the branch. This means that if you have sensitive data on GitHub that should not be exposed, the data will still be shown there even if you make an extra commit to remove it.

What you need is not to make additional commits, but to modify the commits you made.

Solution 1 (easy): Remove commits and close the PR

  1. keep the PR open and do not delete the branch

  2. create a local back up branch in case you want to cherry-pick commits later on

  3. switch to the branch of the PR that has the sensitive data

  4. make a commit to delete the sensitive data if you have not

 Why is this required?

After force pushing your branch, GitHub shows you the difference between the last commit made to the branch before force-pushing the branch and the latest commit of the branch after force-pushing, and those two commits are accessible. This means that if the last commit made to the branch before force-pushing has sensitive data, the sensitive data will still be visible on GitHub.

Screen Recording 2023-08-09 at 12.58.05 PM.mov

  1. push the branch

  2. find a previous commit of the commit that added the sensitive data and copy the commit hash

  3. hard-reset

    git reset --hard <commit-hash>
  4. force push

    git push -f
 Demo

Situation: We have a PR that has two commits. The first commit has sensitive data.

  1. make a commit to remove the sensitive data

  2. push the branch

  3. hard-reset to the commit before adding the sensitive data

  4. force-push

    Screen Recording 2023-08-09 at 1.31.36 PM.mov

Solution 2 (advanced): Rewrite commits and keep the PR

  1. create a local back up branch in case the branch is messed up

  2. switch to the branch of the PR that has the sensitive data

  3. make a commit to delete the sensitive data if you have not (this is for the sensitive data not to show on GitHub after force-pushing)

  4. push the branch

  5. rewrite commit history using git rebase -i
    (https://docs.github.com/en/get-started/using-git/using-git-rebase-on-the-command-line )

  6. force-push

 Demo

Situation: We have a PR that has two commits. The first commit has sensitive data.

  1. make a commit to remove the sensitive data

  2. push the branch

  3. rewrite commit history

    Screen Recording 2023-08-09 at 3.44.24 PM.mov

  4. force-push

  • No labels