Skip to main content

Like .gitignore, but for what goes public. Keep a sanitized public mirror of your private repo.

Project description

git-private2public

English · Русский


Like .gitignore, but for what goes public.

You have a private repo. You want a public one — without the secrets. This tool keeps them in sync. Automatically.

Quick start

pip install git-private2public
git-private2public init          # creates .gitpublic/ folder

Edit .gitpublic/config — set source + target. Values can be owner/repo, a full Git URL, or a local path:

source = you/private-repo
target = you/public-repo

Edit .gitpublic/ignore — files to hide, one per line (like .gitignore):

.env
secrets/
*.key

Publish:

git-private2public publish

Done. Your public repo is clean.

Auto-publish on every git push

git-private2public hook enable     # on
git push                           # also publishes public mirror
git-private2public hook disable    # off

Native git hook. No CI, no GitHub Actions. Works offline.

The .gitpublic/ folder

Each file is one concern. Like .gitignore — one rule per line, # for comments. If a file is missing, that setting is just empty.

File What goes in it Format
config source, target, push settings key = value
ignore files to NOT publish one path/glob per line
replace find → replace in file contents old ==> new per line
scan refuse to push if matched one pattern per line
allow domains OK to publish when scan matches nearby text one domain per line

Easy — just edit ignore:

.env
secrets/
*.key

Medium — also edit replace:

<PRIVATE_IP> ==> 203.0.113.5
real-token ==> ***
regex:[A-Fa-f0-9]{64} ==> ***

Hard — also edit scan + allow:

# scan:
regex:github_pat_[A-Za-z0-9_]{30,}
regex:192\.168\.
regex:[a-z0-9.-]+\.[a-z]{2,}

# allow:
github.com
get.docker.com

Commands

init        create .gitpublic/ config
scan        clean into a temp repo, scan, don't push
publish     clean + push
hook        enable / disable / status

How allow / domains work

allow is not a replacement rule. It is an allowlist used during scanning.

Example: put a broad domain detector into .gitpublic/scan:

regex:[a-z0-9.-]+\.[a-z]{2,}

Now every domain-like string fails the scan unless the matched domain is listed in .gitpublic/allow:

github.com
get.docker.com

Use .gitpublic/replace to rewrite private domains, for example:

private.company.local ==> example.com
regex:.*\.corp\.internal ==> example.com

Install

pip install git-private2public

That's it. Now you have the git-private2public command.

No pip? Single-file manual install — download + chmod +x (needs pip install git-filter-repo pyyaml).

Why

Git has no "private file in a public repo". So you need two repos. This keeps them in sync — without leaking.

delete files replace text scan auto push
git-filter-repo
BFG
dupligit
git-private2public

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

git_private2public-0.1.1.tar.gz (13.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

git_private2public-0.1.1-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file git_private2public-0.1.1.tar.gz.

File metadata

  • Download URL: git_private2public-0.1.1.tar.gz
  • Upload date:
  • Size: 13.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for git_private2public-0.1.1.tar.gz
Algorithm Hash digest
SHA256 2af2841061ab57c916efb612a25d9052de8039d600064688a5d1858fa5a7d8a9
MD5 a75b604e9abf016e5e84346b2c2dfd4c
BLAKE2b-256 ffd87ab8a73910a98f72c1430ef05e5272eb036eb60660ccea8a29c8a4d29da0

See more details on using hashes here.

File details

Details for the file git_private2public-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for git_private2public-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f150398ff8292384ba6b81d34c67daf6062869dc10cada9b5374e52de9a6d1e1
MD5 bd9f8a03acc012a6b9c0fe3b28fa6566
BLAKE2b-256 560dae5d45cc351c614dc96c5631afca4556a886b7741bd287785027c57cddc7

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page