Commit files to git but disallow changes after

Time:11-02

I have some IDE run configuration files that I'd like to commit to my git repository so our team can share them. Unfortunately, they may be modified later to include private or secure system properties. Therefore, I would also like to disallow them to change once committed. The initially committed files will not include any private, secure, or sensitive information.

Is it possible to commit files to a repository permanently, and permanently disallow them to be modified? I am aware of temporary ways to do this on a local clone (such as untracking the file) but I'd like to always have them in the remote, just instruct git to never track any changes, even for new clones.

CodePudding user response:

> Is it possible to commit files to a repository permanently, and permanently disallow them to be modified?

Sort of.

Here are some options which "sort of" achieve what you want:

  1. Set up a commit hook that developers use locally to prevent accidentally committing that file.
  2. Set up a Code Owner rule in GitHub for that specific file in conjunction with Branch Protection, so that only specific people can allow a PR to be completed if that file is modified.

You can't force #1. You can force #2 but that wouldn't stop developers from accidentally pushing sensitive data into the shared repo. But it would at least prevent it from getting merged in without certain people approving it. Perhaps some combination of these would be best.

Alternative?

Another approach would be to try to avoid this completely. One way to achieve it is to have an overlay/transform file that is untracked and can be in the .gitignore file. Then you can have:

my-file-base # checked in and tracked like a normal file
my-file-override # Listed in .gitignore

And the "thing" that reads that file can check for the existence of my-file-override and if it's there, it can modify my-file-base with the overrides, and/or add in the new stuff. Each developer can set that up as desired.

Side Note:

Just a word of caution, from the Git documentation regarding update-index:

> Users often try to use the assume-unchanged and skip-worktree bits to tell Git to ignore changes to files that are tracked. This does not work as expected, since Git may still check working tree files against the index when performing certain operations. In general, Git does not provide a way to ignore changes to tracked files, so alternate solutions are recommended.
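
A sketch of option 1 from the answer above (a local commit hook), added here as an example and not part of the original answer. The patterns in `PROTECTED_PATTERNS` are hypothetical placeholders for the shared IDE run configuration files; the script is assumed to be installed as `.git/hooks/pre-commit`.

```shell
#!/bin/sh
# Added example: reject commits that modify or delete protected files.
# The first commit that ADDS the files is still allowed.

# Hypothetical shell patterns, one per line; adjust to your repository.
PROTECTED_PATTERNS='.idea/runConfigurations/*
.run/*.run.xml'

# Reads changed paths on stdin (one per line), prints every path that
# matches a protected pattern, and returns 1 if at least one matched.
find_protected() {
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        while IFS= read -r pat; do
            case "$path" in
                $pat) printf '%s\n' "$path"; rc=1; break ;;
            esac
        done <<EOF
$PROTECTED_PATTERNS
EOF
    done
    return $rc
}

# Run the check only when invoked by Git as the pre-commit hook.
case "$0" in
    */pre-commit)
        # M = modified, D = deleted; --no-renames reports a rename as
        # delete + add, so moving a protected file away is caught too.
        if ! blocked=$(git diff --cached --name-only --diff-filter=MD \
                --no-renames | find_protected); then
            echo "Commit rejected: these shared files must not change:" >&2
            printf '%s\n' "$blocked" >&2
            echo "Keep private settings in an untracked override file." >&2
            exit 1
        fi
        ;;
esac
```

As the answer says, this cannot be forced: each developer has to install the hook, and `git commit --no-verify` skips it.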

CodePudding user response:

The Git FAQ covers the case of wanting to ignore changes to tracked files, and explains why it's not possible with Git.

Fortunately, it is easy to handle the configuration case you want to handle. Take the actual configuration file and ignore it. Then, check in a template or set of defaults, which users can customize themselves or use a script to set up by copying into the actual configuration file location. This is the recommended approach for most of these cases.

If you're using GitHub Enterprise Server, you can restrict pushing of certain files with a pre-receive hook, but this capability isn't available on github.com. Regardless, it's better to avoid the need for the hook if possible by using the recommended approach.
