This post was most recently updated on March 15th, 2023.
2 min read.Ah – this was a fun one. I needed to figure out how to purge, flush and clear your commit history on GitHub. Turns out it isn’t as easy as clicking a button in the web user interface – the world is apparently not ready yet! 😁 Luckily, it wasn’t that complicated either – and the steps should work for other flavors of git as well.
Background
Always remember to .gitignore your secrets, folks! And if you forget, pray you’re not committing to a public repository! And even if it’s a private one, purge the history afterward.
So, yeah – I messed up. After recycling the secret I ended up committing in error, I decided to cleanse the world of my mistake, and figure out how to destroy the history of my repository without actually removing the repository itself. And then I decided to publicize my mishap so that others might learn from it :)
On a side note, it’s lucky I’m using an old-fashioned version control like git, because if this was on blockchain, the process would’ve been far more complicated!
Solution
Let’s jump into it and nuke your secrets or embarrassing code comments from the commit history! 😁
Time needed: 30 minutes
How to remove your Git commit history?
- Remove all of your local git history
In Windows:cd myrepo
rmdir /S .git
In whatever cool operating system the youngsters now use:cd myrepo
rm -rf .git - Init a new repository
Now that the existing history has been destroyed
git init
git add . - .gitignore your files
At this point, your repository is empty with plenty of code to commit. This time, make sure NOT to commit anything you don’t want everyone else to see!
- Re-commit your data
Okay, now you’re ready to commit your actual files.
That can be done somewhat like this:git commit -m "Removed history, due to sensitive data" - Push to remote
The following will add your repo on GitHub as an origin and force push your changes there, overwriting the whole history.
git remote add origin github.com/username/myrepo
git push -u --force origin main
And there you go! Let me know how it goes for you, and which secret you ended up committing by mistake! 😁
For your information, mine was a token used in my Home Assistant configuration – I had .gitignored the secrets.yaml file, but I hadn’t properly removed some of the files Home Assistant generates – and one of them contains plenty of credentials. What fun.
References
He's been a developer from 2004 (starting with PHP and Java), and he's been working on .NET projects, Azure, Office 365, SharePoint and a lot of other stuff. He's also Microsoft MVP for Azure.
This is his personal professional (e.g. professional, but definitely personal) blog.
- How to output all Environment Variables in Azure DevOps with PowerShell? - April 9, 2024
- CSOM suddenly throwing exceptions when trying to access list contents in SharePoint? A weird fix. - April 2, 2024
- “Predefined type ‘System.Object’ is not defined or imported” and other System namespace stuff missing in your solution? - March 26, 2024
