On GitHub, when you create a pull request (PR) from a branch, you are able to view commit history even if you close the PR and delete the branch. This means that if you have sensitive data on GitHub that should not be exposed, the data will still be shown there even if you make an extra commit to remove it.

What you need is not to make additional commits, but to modify the commits you made.

Solution 1 (easy): Remove commits and close the PR

1. keep the PR open and do not delete the branch

2. create a local back up branch in case you want to cherry-pick commits later on

3. switch to the branch of the PR that has the sensitive data

4. make a commit to delete the sensitive data if you have not

5. push the branch

6. find a previous commit of the commit that added the sensitive data and copy the commit hash

7. hard-reset

   git reset --hard <commit-hash>

8. force push

   git push -f

 Demo

Situation: We have a PR that has two commits. The first commit has sensitive data.

1. make a commit to remove the sensitive data

   

2. push the branch
   

   

3. hard-reset to the commit before adding the sensitive data

   

4. force-push
   

   Screen Recording 2023-08-09 at 1.31.36 PM.mov

Solution 2 (advanced): Rewrite commits and keep the PR

1. create a local back up branch in case the branch is messed up

2. switch to the branch of the PR that has the sensitive data

3. make a commit to delete the sensitive data if you have not (this is for the sensitive data not to show on GitHub after force-pushing)

4. push the branch

5. rewrite commit history using git rebase -i
   (https://docs.github.com/en/get-started/using-git/using-git-rebase-on-the-command-line )

6. force-push

 Demo

Situation: We have a PR that has two commits. The first commit has sensitive data.

1. make a commit to remove the sensitive data

   

2. push the branch

   

3. rewrite commit history

   Screen Recording 2023-08-09 at 3.44.24 PM.mov

4. force-push