Search code examples
gitmergeconfigapp-secret

Git custom merge to handle configuration files


So I was searching for a way to handle the configurations file in a git projet. I read some articles about the subject but all of them where suggesting a second, local-only file. And that doesn't feel right to me.

So I messed around with some of the git commands to find a way to achieve things another way.

A way I found this could be possible may be like this :

Files

The config for the example is a simple key : value list inside a file.

The local state is the lastest pulled version of the template :

1 : 1
2 : 2
3 : 3

The remote state is the version on the repository :

1 : 1
a : 2
3 : 3
4 : 4

On this file I have one new field : 4 and a modified field a.

Finally the working state is the configuration file used by the application. It is a copy of the local file modified with the secret values for running the application. This version should not be pushed to the repository.

1 : secret1
2 : secret2
3 : secret3

Flow

Here is the workflow I thought about :

On pull/checkout :

  • backup the working file into a separate file to prevent being rewritten;
  • do a merge on the local and the remote to get the last configuration template;
  • somewhat merge the local and the saved_working.

The last merge should provide user a display for the new field to add, as long as not overriding the existing fields values.

An example of such operation may be :

1st merge :

-    2 : 2
+    a : 2
+    4 : 4

2nd merge :

1 : secret1
-    2 : secret2
+    a : 2
3 : secret3
+    4 : 4

And now, before being able to use the application again, we clearly see the lines to changes.

What do you think ?


Solution

  • I think an application should be able to read many configuration files, and only a default configuration file should be stored in the repository; for example:

    1. read /path/to/the/app/default.conf
    2. read a system-wide /etc/application.conf
    3. read user configuration (ie: ~/.config/application.conf), if it is in the same directory than the application, use a .gitignore

    Some projects (like ansible with Vault) store an encrypted version of the configuration file, that could be a solution too.

    Would it work for your setup?

    Another suggestion would be a separate branch where you cherry-pick the code or the configuration, depending your preferences.

    Edit: precisions about cherry picking.

    This was just a suggestion, it's like your toughs about merging, except you choose which commits you want to get from the "remote".

    On your machine, working in the local branch:

    1. git fetch
    2. either git merge master or git cherry-pick the commits you want

    Nothing ground-breaking, I'm not sure if you expect the operation to be automated or manual.