Topic: Best practices for open sourcing your rails app and using git
I want to:
* Use git as my version control
* Work in development branches and merge them into master
* Frequently push changes to a public, open source git repository (eg Github)
* Be able to deploy to Heroku
By default, any secrets (eg "config/initializers/secret_token.rb") are present in my repository. Simply including them in .gitignore makes deploying to Heroku difficult, as Heroku needs to compile their slug from a branch of my git repository (and those secret files need to be present).
Looking at this link (http://groups.google.com/group/heroku/b 9204c70574), the solution is to include secret files in the .gitignore of the Master branch, and then create a Deploy branch that does not ignore secret files. You work in Master, and then when you're ready to deploy, you do the following:
git checkout deploy git merge master git push heroku deploy:master
This seems like an ok solution, but breaks when you want to work on a local server. Because your Master or Development/Topic branches do not include and secret files, running:
Will produce the following error:
A secret is required to generate an integrity hash for cookie session data. Use config.secret_token = "some secret phrase of at least 30 characters"in config/application.rb
I can't just checkout the Deploy branch, because then I won't be able to edit code while the server is running.
So my solution for now is to have a Master branch that contains everything (plus other development branches) and then a Public branch created like so:
git checkout -b public git rm some_secret_file git filter-branch --index-filter 'git update-index --remove some_secret_file' public echo "some_secret_file" >> .gitignore git add .gitignore git commit -m "remove secret files" git remote add origin git@git....... git push origin public
Then when hacking away:
git checkout master do something nifty git add something git commit -m "add something nifty" git checkout public git merge master git push origin publich
I think this basically solves the problem, but I'm concerned that if I ever modify .gitignore in master and then merge it into public that the secret files will some sneak on to Github.
This scenario seems common, but I have yet to find any information on it. Does this setup seem reasonable? Has anyone found a better way to do this?
Last edited by th.edore (2010-07-11 17:24:19)