0

I have a project which is deployed on Heroku and I would like to make a public version for Github. The problem is that there is a folder libs which contains multiple .js files and should be pushed to Heroku, but not Github. Obviously, Heroku CLI config with is not the answer as I have entire files to hide, not just API keys.

So, how can I push the full project to Heroku, but only the partial project to Github? Most of the answers I found talked about the Heroku CLI which cannot apply in my case, because I am trying to hide files, not keys, and another quite hardcore answer was to push first to have a github branch on which I would git cherry-pick commits on the heroku branch. I've been using the previous answer so far, but it is quite hard to always repeat this procedure (at least git checkout github -> git cherry-pick COMMIT-ID) and kind of messes the history.

So I tried making a post-commit hook so that every time I committed on master (heroku), it would switch to the github branch, cherry-pick the commit then come back to master so that the procedure would look seamless. Unfortunately, this only works sometimes but glitches git more than anything.

branch=`git branch | grep \* | cut -d ' ' -f2`

if [ "$branch" ="master" ]
then
    echo "Executing post-commit script (cherry-pick)..."
    commitID=`git rev-parse HEAD`

    git checkout Github
    git cherry-pick $commitID 
    git checkout master

    echo "Cherry picked $commitID into Github branch"
fi

EDIT: Seems like the post-commit hook seems to work most of the time now. I think the problems come when I commit via VSCode, but if I commit through the terminal, it runs cleanly without weird behavior... Still, it would be nice to have a perhaps safer way to do this.

  • After reading a bit more, why are you cherry-picking instead of merging? – Major Mar 12 at 5:23
  • Merging would apply the commits on master (which contains the commit where the sensitive files were added). By cherry picking, only the changes done on the cherry-picked commit will be applied. So what I did is first make a commit on master that has the sensitive files without merging or cherry-picking this commit on the github branch. Then, the next commit on master that contains public changes can get cherry-picked into github, leaving the sensitive files unmerged. Since the above script runs for every commit, it should be disabled before making another commit with sensitive files in master. – MaxiJonson Mar 12 at 18:52
1

Work on master and merge master into heroku when you need to push. When you need to change something Heroku-specific, switch to heroku and commit there. I can't think of any better solution.

*   8a5767e (HEAD -> heroku) Merge branch 'master' into heroku
|\
| * 12fcd68 (master) Change public.js
* | 54db1a6 Add secret files (e.g. `/libs`)
|/
* 8aa2e42 Init
  • Yes, using specific branches for specific remotes makes sense. Just make sure to never accidentally push the heroku branch to github. – Major Mar 12 at 5:14
  • I thought of that, but then I wouldn't have access to my secret files (/libs) on master since they should only exist on the heroku branch... – MaxiJonson Mar 12 at 18:44
  • 1
    What if you add the sensitive files to the .gitignore file in just the github branch? When you change branches they won't be changed, you merge any changes that happen in github to heroku, then make any changes you need to in the sensitive files on the heroku branch only. Seems like it would work. – Major Mar 12 at 20:30
  • @Major they actually get removed when you checkout github. But there might be a way to work around this. – WofWca Mar 13 at 3:15
  • @WofWca if there is a way around this, then your answer might just work, I just couldn't find a workaround... – MaxiJonson Mar 14 at 1:57
0

Since this post hasn't gotten any answer that suited my needs, I since then kept my cherry-picking solution with the git hook. I've since improved it and so far it has been working just fine. Here's my post-commit hook. You can edit the heroku and github variable to whatever the name of your branches are (heroku is the private branch, github is public). When committing on the heroku branch, in my case master, the hook will switch to the github branch and cherry-pick the commit into it, then switch back to master. It happens all so fast that you don't even notice the switch! All you have to do is push your work when you're ready!

#!/bin/sh

# After each commit on master (Heroku), it will switch to the Github branch and cherry-pick that commit into it. Then, switch back to master.
# This makes the committing flow seamless so all you have to do is push (which is safer done manually than with a hook)
# IMPORTANT: ANY changes in sensitive files should be commited alone (without public changes) or the sensitive files will be cherry picked in the public branch
# To skip this cherry-picking procedure (when you add a sensitive commit), start the commit message with "NCP" e.g.: "NCP Add some secret stuff"

ERR='\e[31m'
SUCCESS='\e[32m'
WARN='\e[33m'
space="\n\n\n"

branch=`git branch | grep \* | cut -d ' ' -f2`
heroku="master"
github="Github"

if [ "$branch" = $heroku ]
then
    echo -e $space

    message=`git log -1 --pretty=%B`
    if [[ $message = NCP* ]]; then
        echo -e "${WARN}NOT cherry-picking (commit message starts with 'NCP')"
        echo -e $space
        exit 0;
    fi

    echo -e "${WARN}Executing post-commit script (cherry-pick)..."
    commitID=`git rev-parse HEAD`

    if git checkout $github; then
        if git cherry-pick $commitID; then
            echo -e "${SUCCESS}Cherry picked $commitID into $github branch"
            if ! git checkout $heroku; then
                echo -e "${ERR}Couldn't checout to $heroku"
                echo -e $space
                exit 1
            fi
        else
            echo -e "${ERR}Failed to cherry pick $commitID into $github branch. Do it manually"
            echo -e $space
            exit 1
        fi
    else
        echo -e "${ERR}Couldn't checkout to $github"
        echo -e $space
        exit 1
    fi

    echo -e $space
fi

exit 0

DISCLAIMER: I'm a total beginner in bash scripting, this is literally the first script I wrote in 2 years! But I hope it works enough for your needs since it does for me!

Your Answer

By clicking "Post Your Answer", you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.