
I am looking for some way to remotely ignore all modifications to a file added in a Git repo.

File: .env.secret

```
USERNAME=
PASSWORD=
```

  • Here we have a file named .env.secret in the root of the Git repo.
  • It has been remotely added to the repo.

We are wanting to make sure that any user who updates this file never uploads their changes remotely.

As far as I know, a user can only locally ignore updates to a file with the following command:

```
git update-index --assume-unchanged .env.secret
```

Is there any way to not require a user to run this command in order to ignore updates to the file .env.secret?

Neil Graham
  • 2
    `Here we have a file named .env.secret in the root of the Git repo.` simply do not put this file in the git repo at all. Finding a workflow that makes that possible should be the focus (lowest effort being move the file somewhere else, and add `.env.secret` to `.gitignore`). Here's a reference https://12factor.net/config – AD7six Feb 07 '23 at 20:16
  • 1
    See [this post](https://stackoverflow.com/questions/13630849/git-difference-between-assume-unchanged-and-skip-worktree): You want `--skip-worktree`, not `--assume-unchanged`. – j6t Feb 07 '23 at 21:56
  • As said by @j6t, use `--skip-worktree`, and no, there is no way to do what you ask for... – Philippe Feb 07 '23 at 23:35
  • [The Git FAQ is clear](https://git-scm.com/docs/gitfaq#ignore-tracked-files) that neither `--skip-worktree` nor `--assume-unchanged` should be used. – bk2204 Feb 08 '23 at 01:35

1 Answer

Your question is a specific case of the general question about how to ignore tracked files. The Git FAQ is clear that this doesn't work:

> Git doesn’t provide a way to do this. The reason is that if Git needs to overwrite this file, such as during a checkout, it doesn’t know whether the changes to the file are precious and should be kept, or whether they are irrelevant and can safely be destroyed. Therefore, it has to take the safe route and always preserve them.
>
> It’s tempting to try to use certain features of git update-index, namely the assume-unchanged and skip-worktree bits, but these don’t work properly for this purpose and shouldn’t be used this way.

The best way to handle this is to move the file somewhere else as a template, and make .env.secret ignored, possibly with a script to generate the file from the template. Then, since .env.secret is ignored, it will never be uploaded, and users can have the file however it needs to be correctly on their system.

bk2204
  • I do like this approach. At the beginning of my script I will check to see if the file `.env.secret` exists, if it does not exist then the corresponding template file will be copied over to `.env.secret`. The file `.env.secret` is always ignored and never gets pushed remotely. Thank you! – Neil Graham Feb 08 '23 at 17:18
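
The template approach from the answer above, combined with the existence check described in the last comment, as an added shell example that is not part of the original posts. The template name `.env.secret.template` and both function names are assumptions; the guard also checks that `.env.secret` is no longer tracked, because `.gitignore` has no effect on files already in the index.

```shell
#!/bin/sh
# Added example. TEMPLATE's name and both function names are assumptions,
# not taken from the original page.
TEMPLATE=.env.secret.template
SECRET=.env.secret

# One-time migration, run by a maintainer: keep the tracked content as a
# template and make the real file ignored.
migrate_to_template() {
    repo=$1
    (
        cd "$repo" || exit 1
        # Refuse to publish a template that already holds filled-in values.
        if grep -Eq '^[A-Za-z_][A-Za-z0-9_]*=.+' "$SECRET"; then
            echo "refusing: $SECRET has filled-in values" >&2
            exit 1
        fi
        git mv "$SECRET" "$TEMPLATE" || exit 1
        grep -qxF "$SECRET" .gitignore 2>/dev/null || echo "$SECRET" >> .gitignore
        git add .gitignore
    )
}

# Run at the start of every script that needs the secrets file.
ensure_env_secret() {
    repo=$1
    (
        cd "$repo" || exit 1
        # .gitignore does not apply to files that are still in the index.
        if git ls-files --error-unmatch "$SECRET" >/dev/null 2>&1; then
            echo "error: $SECRET is still tracked" >&2
            exit 1
        fi
        if ! git check-ignore -q "$SECRET"; then
            echo "error: $SECRET is not ignored" >&2
            exit 1
        fi
        # Create the local copy only when it is missing; never overwrite it.
        if [ ! -e "$SECRET" ]; then
            cp "$TEMPLATE" "$SECRET" || exit 1
            chmod 600 "$SECRET"
        fi
    )
}
```

After `migrate_to_template` is committed and pushed, each user's script calls `ensure_env_secret` with the repository path before reading `.env.secret`.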