monishcm
commented
3 years ago f3020dcb1edccbfe8b346d3ff01fd8a00f05549d
Open github-learning-lab[bot] opened 3 years ago
monishcm
commented
3 years ago f3020dcb1edccbfe8b346d3ff01fd8a00f05549d
github-learning-lab[bot]
commented
3 years ago Good guess, but the commit SHA ID that added the .env file is 848cd8c2043f6161a4f0043bffee212777281494
Try typing that commit id in a comment to move on.
monishcm
commented
3 years ago 848cd8c2043f6161a4f0043bffee212777281494
github-learning-lab[bot]
commented
3 years ago Nice, that's the commit that added the .env file. We'll need to remove the contents of this commit, as well as the commit that removed it from the history.
.env fileWe can do this with the following commands:
Since we cloned the repository earlier, let's run git checkout main to put us back on the main branch
Run git pull to update your local repository with the changes we merged from the contributor's pull request
Run git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch .env" HEAD to remove the historical reference to the .env file
Note: There is a lot going on with this command. We won't be diving into everything this command is doing, but it's filtering through the main branch and removing any cached reference to a .env file.
Next, let's run git push -f to force push this change to the main branch
Let's now run git log --oneline to get a list of our modified commit history
Paste your log output into this issue as a comment
monishcm
commented
3 years ago 2e325fc (HEAD -> main, origin/main, origin/HEAD) Merge pull request #9 from monishcm/add-gitignore 8369667 (origin/add-gitignore) Update .gitignore 9f49de3 Merge add-wolverine-image into main ed90055 (origin/add-wolverine-image, add-wolverine-image) Merge branch 'add-wolverine-image' of https://github.com/monishcm/security-strategy-essentials into add-wolverine-image 17d9de5 Add wolverine image to game 8c068cb Merge pull request #7 from monishcm/monishcm-patch-1 043a700 (origin/monishcm-patch-1) Create SECURITY.md e90d3b3 Merge pull request #4 from monishcm/revert-1-update-dependency 025454f (origin/revert-1-update-dependency) Update package.json e3ce756 Revert "Update the vulnerable dependency" c3d3c68 Merge pull request #1 from monishcm/update-dependency f3020dc Add .env file b881c0f Add wolverine image to game d433546 (origin/update-dependency) Change package.json file to highlight where dependency update should go 5eeb484 Add empty .gitignore file 56d6fbb Remove .env file 848cd8c Add .env file c5d4b69 Update README.md and Octocat game 89c7c6a Initial commit
github-learning-lab[bot]
commented
3 years ago Uh oh @monishcm, something went wrong! I wasn't expecting this change. Please go over the instructions again and make sure you've followed them as exactly as you can.
Make sure you use one of the below commands to remove reference to these commits.
If you would like help troubleshooting, create a post on the GitHub Community board. You might also want to search for your issue to see if other people have resolved it in the past.
Sensitive data elsewhere in the repository contents
Often sensitive data is buried deep in a repository's history. The process for removing these files and commit data is a bit tricker and more involved.
In our repository's history, there is a reference to a
.envfile with sensitive information. We've since added a.gitignoreto prevent this from happening in the future, but it doesn't modify any previously committed references from the history.There are a few things we need to think about and take into consideration before we start altering our historical content. But for now, let's start with identifying the commit in question by going through our commit history.
Step 12: Find historical reference to a previous
.envfilecommitslink directly under the Code tab.envfileI'll respond below when you add your comment to this issue.