Tell me if that sounds familiar: you’re happily hacking on your codebase and, at some point, you type in a password / secret token / really shameful limerick that shouldn’t be sent to the repository mothership, but that you need on your local copy. Well, no sweat, you just have to remember not to commit that specific file. So hack, hack, hack go the fingers. Several hours later, satisfied by your work, you commit the fruit of your labor and send it to the master public repository. And, guess what? The file you were supposed to remember not to commit? You didn’t. And you did. Ooops.
Knowing how embarassingly failible my memory is, I looked for some automated safety net to use with Git. The most obvious would have been to use a push hook, but alas Git has no such thing, and if the latest thread I caught on the topic still hold, one isn’t going to appear anytime soon. Since that venue is (for now) closed, I turned to plan B: crafting a new git command, git-safepush:
#!/usr/bin/env perl
use 5.12.0;
use Git::Wrapper;
use File::chdir;
use IO::All;
use List::MoreUtils qw/ any /;
my $remote = shift @ARGV or die "usage: $0 <remote>";
my ( $local_branch, $remote_branch ) = split ':', shift @ARGV;
pop @CWD until any { /\.git$/ } glob "$CWD/.g*" or not @CWD;
die "not in a git repository\n" if $CWD eq '/';
my $git = Git::Wrapper->new($CWD);
$local_branch ||= ( ($local_branch) = grep { s/\* // } $git->branch )[0];
$remote_branch ||= $local_branch;
my $filename;
for ( $git->diff( join( '/', $remote, $remote_branch ), $local_branch ) ) {
$filename = $1 when /^diff --git .* b\/(.*?)$/;
die "'DO NO PUSH' seen in file '$filename', aborting push\n" when
/^\+.*#\s*DO NOT PUSH/;
}
$git->push( $remote, "$local_branch:$remote_branch" );
With that, I just had to add DO NOT PUSH in a comment line along
sensitive code, like so
# DO NOT PUSH
my $password = '$ecr3t';
and safepush is going to prevent me of doing anything foolish:
$ git safepush origin master:foo 'DO NO PUSH' seen in file 'MyConfig.pm', aborting push
No comments