-1

My project uses a secret token that I want git to ignore, while still tracking the file which should contain it.

Most results I have found seem to suggest using a content filter driver, but from what I can tell that needs each user to edit their git config after cloning (ie. (from link) git config --global filter.yourFilterName.smudge 'sed "s/isPhoneGap = .*/isPhoneGap = true/"'). I want it to be possible to clone/setup the project without having to do more than git clone and copy-paste the token into a specified location - no need to run any included scripts, creating any [gitignored/external] files (to paste into), or otherwise configure things. So those filters would not work.

Initially I though it would be as simple as pushing an empty/template file to the repo, and then adding it to .gitignore, but it turns out that you can't ignore tracked files. And using skip-worktree or assume-unchanged (which are Answers to some similar questions) seem to have various issues. And need to be run on the client just like the filters anyway.

So I am left wondering: How do I accomplish something as 'simple' as a repo-side setting to ignore changes to a tracked file?

ps: might be worth noting that I am using github?

felix
  • 111
  • 1
  • 8
  • 1
    Would an adequate workaround being having a template file tracked of the actual file? Then users have to copy the temaplate and add the token rather than just adding the token - one extra step. The template file can be tracked and the proper location for the file can be ignored. – SpoonMeiser Dec 01 '21 at 11:21
  • 1
    Q: "How do I accomplish something as 'simple' as a repo-side setting to ignore changes to a tracked file?" A: You don't, there is no such support. You will have to figure out a way to configure your local running application *without* storing the key in the repository. The normal way is to commit a template file only to the repository, and let developers make a copy of the template to the actual file, which is then ignored in gitignore. – Lasse V. Karlsen Dec 01 '21 at 12:20
  • @LasseV.Karlsen This (`You don't, no such support`) is the closest to an actual answer so far, if you post it as one and no other answer appeared by tomorrow I would probably Accept it. – felix Dec 01 '21 at 13:48
  • 1
    Actually, come to think of it I think there should be good duplicates to link to instead of having another answer. – Lasse V. Karlsen Dec 01 '21 at 14:23
  • The reason I made the question was because I at least didn't find any duplicate. The closest were like the one I linked, where question allows extra things [beyond clone and paste] to be done downstream. – felix Dec 01 '21 at 16:07
  • Git specifically mentions [in the FAQ](https://git-scm.com/docs/gitfaq#ignore-tracked-files) that ignoring tracked files isn't possible. Adam's answer is the best approach, which is recommended in the FAQ, and you can use a script if you like. If you don't want to do that, then I'm afraid the answer is that what you want can't be done. – bk2204 Dec 01 '21 at 22:42

1 Answers1

0

The secret token is part of your project's configuration. The user or any instance of your repository needs the option to change the configuration but you also want to support a simple clone, build, run process where the project will just work out of the box. I suggest you separate your configuration into two files.

The first file will be the default configuration which will have all the various defaults and a placeholder non-secret token for the project. The user will not be expected to change this file. The file might be at $GIT_DIR/etc/project.config.

The second file will be optional, ignored by (or not even present in) the repository and the user will be instructed to set any local configuration there. The file might be at $HOME/project.config

When the project looks for configuration it should first look for the local configuration file and defer to the default configuration if a particular setting isn't found.

This is a common pattern, to pick an example out of the air... git does this! git has many configuration files is consults such as; $(prefix)/etc/gitconfig, optionally a $HOME/.gitconfig, optionally each repo has $GIT_DIR/.git/config.

Adam
  • 4,180
  • 2
  • 27
  • 31
  • Aware this doesn't solve the question as answered but I think the approach has more potential that twisting git to make it work. – Adam Dec 01 '21 at 12:20
  • Like you mention, it doesn't answer the question, as the `$HOME/project.config` file is still tracked by git. ps: no idea why you suggest making `$HOME` be a subdirectory in the repo..? Or were you suggesting making it non-portable? pps: I was unaware that git could track `$GIT_DIR/.git/config` ppps: To clarify as it seems I explained it poorly, the repo doesn't have a value by default. It is empty and needs to be set, *but I still want the file where you set the value to exist* (hence tracked, but empty). – felix Dec 01 '21 at 13:43
  • 1
    @felix, I do not suggest that `$HOME` or `$GIT_DIR/.git` can be tracked. The only file tracked in my suggestion is `$GIT_DIR/etc/project.config`. My suggestion is that the project should support more than one location to gather config from. – Adam Dec 01 '21 at 14:59
  • 1
    Yup. Content that shouldn't be tracked goes in a file that isn't tracked. Not much is simpler than that. – jthill Dec 01 '21 at 15:15
  • That would make it impossible for `git clone` to create the file in question afaik (can only create files inside the repo), which was part of the question. It would also make it non-portable. – felix Dec 01 '21 at 16:00
  • @jthill Then the file is also not created by the clone process, and would require some extra operations to be performed by the user (such as running a supplied script, or creating it manually) increasing the complexity of installation-instructions. – felix Dec 01 '21 at 16:02
  • It's copying text, `xcl>that.file` for me, if your users can't make copying text to a file easy, they're probably going to choke really, really hard on anything they'd want Git for. – jthill Dec 01 '21 at 16:34
  • @felix, what kind of project is it? Who are your users? – Adam Dec 01 '21 at 17:28
  • @Adam Myself in a year or 3 when I forgot everything about how to set things up, and hope to avoid writing down instructions beyond "copy the cookie's token into this file" :D It's a project/environ for doing Advent of Code (hence why it needs my session-token, to GET the inputs) – felix Dec 01 '21 at 17:35
  • @felix You're stressing the small things. Just put some defensive code at the top of your scripts like `if(!FileExists("token.txt")){ throw new FileNotFoundException("token.txt not found. Please put your session token into the token.txt file.")};`. – Adam Dec 01 '21 at 17:42