I am using bfg-cleaner to delete some files from github containing senstive information. it works fine except for pull requests. the sensitive date still exists in pull requests . How can I get rid of this?
First, You can consider the new git filter-repo, which will replace the old git filter-branch or BFG.
It has many usage examples, including path-based filtering:
To keep all files except these paths, just add
--invert-paths:git filter-repo --path aFileToRemove --invert-paths
Second, regarding pull-requests, you would need to fetch them first
[remote "origin"]
fetch = +refs/heads/*:refs/remotes/origin/*
url = [email protected]:joyent/node.git
fetch = +refs/pull/*/head:refs/remotes/origin/pr/* <====
# Now fetch all the pull requests:
$ git fetch origin
From github.com:joyent/node
* [new ref] refs/pull/1000/head -> origin/pr/1000
* [new ref] refs/pull/1002/head -> origin/pr/1002
Then, after filtering, you will need to force push everything back.
As torek notes in the comments:
In this case, if someone is rewriting a repository to delete sensitive data, and someone else has made a PR, the sensitive data might be in the someone-else's repository.
So purging PR branches might not be enough anyway. Any fork (from which a PR was made) would still have the sensitive data anyway.
If there are no forks and the PR are done using local branches (to the repository), then you don't need to fetch any refs/pull.
Modifying the source branch of a PR and force pushing it should be enough to change the Pull Request (although, its page might still reference the previous commits which are now obsolete).