Upstream relationship of GitHub repos to prevent accidentally uploading credentials
If this article looked extremely easy, and you feel like it’s a no-brainer — it is.
However, knowledge/information should be shared no matter how simple.
Premise: you can’t set permission separately for files/branches. (It’s also not a good practice in version control scheme.)
Premise: your project is public for people to use, utilizing their own credentials for services.
Problem: It’s just a small project, and complex CI/CD scheme could be avoided — how do I sync my credentials onto GitHub(stored in the same folder for maintainability) without accidentally leaking it?
Answer: Make two repos and sync one-way between them. Also GitHub importer.
https://github.com/new/import
Import your own existing repo, and set it Private.
Then:
cd Public_yourrepo
git remote add upstream Private_yourrepo.git
git push
and ignore(or remove) your credential files in your Public repo’s .gitignore.
This way, you can work in your Private dev repo (Private_yourrepo.git) all the time, only compare remote branches(Private dev repo) in your Public repo to sync changes from Private dev repo when necessary.
You can even have a setup like this(arrow points to upstream repo):
SomeprojectA<-your_forked_Private_repo<-your_Public_repo
Thus frequent update can be achieved.
I found that the scheme can prevent human error, since the only time credentials can be leaked is syncing.
When syncing and merging changes, humans are forced to stop, solving conflicts, thus preventing credentials being accidentally uploaded.