Search code examples
gitgithubgit-filter-branchgit-rewrite-historybfg-repo-cleaner

Git repo history cleanup - tried BFG step by step - but the PR having lot more diffs - and how to check if password removed from history

I am trying to remove the password(s) from my Git repo history (I removed passwords from my Git repo long time back manually but not from history, and this time trying to clean throughout the history of my Git repo)

And for same, started with forking the main repo and went through and followed the steps - BFG Repo-Cleaner and tried to search on StackOverflow like this

Everything looks well with all the steps followed on local Git repo, and last is git push, but after that I don't see commits on my forked repo, though I see this message This branch is 853 commits ahead, 853 commits behind, and it gives option to create PR (as well as compare) and in this PR I see lot of diffs[like the new file which was created some time back, and still exists in the current version] which has nothing to do with the password I am trying to replace.

The Git version is 2.21.0

Solution

  • Instead of BFG, try the new git filter-repo, which will replace the old git filter-branch or BFG

    Example:

    To replace the text 'password' with 'p455w0rd':

    git filter-repo --replace-text <(echo "password==>p455w0rd")

    But the end result will be the same: a new commits history, not just for your current branch, but for all branches (where your password was found)
    That means a git push --all --force, to override the history of the remote repository.

    If the password was added only in the PR branch then removed, filter only that PR branch instead of everything, then rebase that new history on top of upstream/master

    Before password removal:

            u--u--u     (upstream/master)
       /
x--x--x             (master)
       \
        pr--pr--pr  (pull-request branch)

    After password removal, using --refs pr (replace 'pr' by the name of your pull-request branch: git filter-repo --replace-text <(echo "password==>p455w0rd") --refs pr)

            u--u--u     (upstream/master)
       /
x--x--X             (master)
      |\
      | pr'--pr'--pr'  (new pull-request branch)
       \
        pr--pr--pr  (old pull-request branch)

    You need to rebase that new branch on top of upstream/master, assuming that upstream is the original repository to where you are making a PR.

    git fetch upstream
git switch pr
git rebase upstream/master

    Then the PR would only include your commits, not every commits since the beginning of time.