DavidCain/publish_private_repo.sh

## publish_private_repo.sh
# Publish a private repository to a publically-viewable repo, with one private file totally purged
#
# Takes extreme precaution to purge all objects & references with sensitive data


export REPO_PATH='/tmp/staging-repository'  # Where our temporary repo lives
export PRIVATE_REPO='git@github.com:mitoc/mitoc-ansible.git'  # Private repo with sensitive data
export PUBLIC_REPO='git@github.com:DavidCain/mitoc-ansible.git'  # Repo viewable to the world
export SENSITIVE_FILE='env_vars/production.yml'  # File to be omitted from history

# Start by cloning the private repository with sensitive data
git clone $PRIVATE_REPO $REPO_PATH

# Move into our Git repository
pushd $REPO_PATH

# Remove the reference to the original repo (we won't be using it again)
git remote rm origin
git filter-branch --force --index-filter "git rm --cached --ignore-unmatch $SENSITIVE_FILE" --tag-name-filter cat -- --all

# Prune references to be _very_ sure the repo is safe
# (https://help.github.com/articles/removing-sensitive-data-from-a-repository/)
git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin
git reflog expire --expire=now --all
git gc --prune=now

git remote add public $PUBLIC_REPO

# Fetch from our remote & push only with lease (to be sure we're not overwriting)
git push --force-with-lease public master

echo "Pushed contents of $PRIVATE_REPO to $PUBLIC_REPO, omitting $SENSITIVE_FILE"

# Cleanup: Optionally remove the temporary dir, return to starting dir
while true; do
    read -p "Prune staging directory? ($REPO_PATH) [y/n] " yn
    case $yn in
        [Yy]* ) rm -rf $REPO_PATH; break;;
        [Nn]* ) break;;
    esac
done
popd
	# Publish a private repository to a publically-viewable repo, with one private file totally purged
	#
	# Takes extreme precaution to purge all objects & references with sensitive data


	export REPO_PATH='/tmp/staging-repository' # Where our temporary repo lives
	export PRIVATE_REPO='git@github.com:mitoc/mitoc-ansible.git' # Private repo with sensitive data
	export PUBLIC_REPO='git@github.com:DavidCain/mitoc-ansible.git' # Repo viewable to the world
	export SENSITIVE_FILE='env_vars/production.yml' # File to be omitted from history

	# Start by cloning the private repository with sensitive data
	git clone $PRIVATE_REPO $REPO_PATH

	# Move into our Git repository
	pushd $REPO_PATH

	# Remove the reference to the original repo (we won't be using it again)
	git remote rm origin
	git filter-branch --force --index-filter "git rm --cached --ignore-unmatch $SENSITIVE_FILE" --tag-name-filter cat -- --all

	# Prune references to be _very_ sure the repo is safe
	# (https://help.github.com/articles/removing-sensitive-data-from-a-repository/)
	git for-each-ref --format='delete %(refname)' refs/original \| git update-ref --stdin
	git reflog expire --expire=now --all
	git gc --prune=now

	git remote add public $PUBLIC_REPO

	# Fetch from our remote & push only with lease (to be sure we're not overwriting)
	git push --force-with-lease public master

	echo "Pushed contents of $PRIVATE_REPO to $PUBLIC_REPO, omitting $SENSITIVE_FILE"

	# Cleanup: Optionally remove the temporary dir, return to starting dir
	while true; do
	read -p "Prune staging directory? ($REPO_PATH) [y/n] " yn
	case $yn in
	[Yy]* ) rm -rf $REPO_PATH; break;;
	[Nn]* ) break;;
	esac
	done
	popd