
@peterfpeterson
Created February 17, 2022 15:19
Cleaning out secrets from git repos

Bare mirror the repository (using example urls)

$ git clone --mirror git://example.com/some-big-repo.git

Mess with the repo (this one removes big files)

$ java -jar bfg.jar --strip-blobs-bigger-than 100M some-big-repo.git

Once you are done with cleanup, it will give a message about cleaning things up. This boils down to expiring the reflog and garbage collecting

$ cd some-big-repo.git
$ git reflog expire --expire=now --all && git gc --prune=now --aggressive

Then comes the step that is missing from the documentation. First, you probably have protected branches that you want to overwrite. Go to your online git repository and unprotect them. The other problem is that a mirror clone generally contains extra "fake" refs that you can't push back. To deal with that, first turn off the mirror setting on the remote

$ git config --unset remote.origin.mirror

Then push only heads and tags

$ git push --force origin 'refs/heads/*'
$ git push --force origin 'refs/tags/*'

Finally, other developers need to update their copies of the repo with the new version of history. The "fancy" way of doing this is to rebase branches on their remotes.

$ git stash
$ git pull -r
$ git stash pop

The way that I had to do things because I was trying to be fancier still (only next needed cleaning in this case) is

$ git checkout main
$ git branch -D next
$ git checkout next

The "burn it to the ground" option is to re-clone the repository.
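
A check to run after the reflog-expire and gc step, as an added example that is not part of the original gist: it counts blobs anywhere in the object database that still contain a string, whether or not a branch or tag reaches them. The function names `count_blobs_with` and `demo`, the throwaway repository and the secret value are constructed for this example, and `git commit --amend` stands in for the BFG rewrite.

```shell
#!/bin/sh
# Added example. Counts blobs in a repository's object database that contain
# a fixed string, including objects no branch or tag reaches any more.
count_blobs_with() (   # usage: count_blobs_with <repo-dir> <fixed-string>
    repo=$1 needle=$2 count=0
    git -C "$repo" cat-file --batch-all-objects --batch-check |
    {
        while read -r sha type _size; do
            [ "$type" = blob ] || continue
            if git -C "$repo" cat-file blob "$sha" | grep -qF -- "$needle"; then
                count=$((count + 1))
            fi
        done
        echo "$count"
    }
)

# Throwaway repository with a constructed secret. `git commit --amend` stands
# in for the history rewrite; prints "<count before gc> <count after gc>".
demo() (
    set -e
    repo=$(mktemp -d)
    git init -q "$repo"
    cd "$repo"
    git config user.email demo@example.invalid
    git config user.name demo
    echo 'api_key=CONSTRUCTED-EXAMPLE-SECRET' > config.ini
    git add config.ini
    git commit -q -m 'add config'
    echo 'api_key=' > config.ini
    git commit -q -a --amend -m 'add config'      # history rewritten
    before=$(count_blobs_with . CONSTRUCTED-EXAMPLE-SECRET)
    git reflog expire --expire=now --all
    git gc -q --prune=now --aggressive
    after=$(count_blobs_with . CONSTRUCTED-EXAMPLE-SECRET)
    cd / && rm -rf "$repo"
    echo "$before $after"
)
```

Calling `demo` prints the two counts: the rewritten-away blob is still stored until the reflog is expired and gc prunes it. On a real cleanup, run `count_blobs_with some-big-repo.git '<the leaked value>'` before pushing.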
