ryan/turbovault-app
1
0
Fork 0
mirror of https://github.com/ryankazokas/turbovault-app.git synced 2026-04-16 22:12:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
036fa7ab334a15f990c4a84de0fb3323fd560098
turbovault-app/.github/WHAT_TO_COMMIT.md
Ryan Kazokas 036fa7ab33 Moving to github
2026-03-28 19:24:29 -04:00

186 lines
4.5 KiB
Markdown
Raw Blame History

# What to Commit to GitHub (Open Source)
Quick reference for what should and shouldn't be committed to the public GitHub repository.
## ✅ Safe to Commit
### Source Code
- ✅ All Ruby files (`app/`, `lib/`, `config/`)
-`Gemfile` and `Gemfile.lock`
- ✅ Controllers, models, views
- ✅ Migrations (don't contain secrets)
- ✅ Seeds (use fake/example data only)
### Configuration
-`config/database.yml` (uses ENV vars)
-`config/routes.rb`
-`config/environments/*.rb`
-`.env.example` (template only)
-`Dockerfile`
-`docker-compose.yml` (development version)
### Kubernetes
-`k8s/deployment.yaml` (with placeholder image)
-`k8s/service.yaml`
-`k8s/ingress.yaml`
-`k8s/configmap.yaml` (example values)
-`k8s/namespace.yaml`
-`k8s/migrate-job.yaml`
-`k8s/*.yaml.example` (all templates)
-`k8s/README.md`
-`k8s/GITEA_SETUP.md`
### GitHub Actions
-`.github/workflows/*.yml`
-`.github/SECRETS_SETUP.md`
-`.github/WHAT_TO_COMMIT.md` (this file!)
### Documentation
-`README.md`
-`LICENSE`
-`DEPLOYMENT.md`
-`API_DOCUMENTATION.md`
- ✅ All other `.md` files
### Assets
- ✅ JavaScript controllers
- ✅ CSS/Tailwind files
- ✅ Images, icons
### Testing
-`test/` directory
- ✅ Test fixtures
-`.rubocop.yml`
## ❌ Never Commit (Already Gitignored)
### Secrets & Credentials
-`.env` (actual environment variables)
-`k8s/secrets.yaml` (actual Kubernetes secrets)
-`config/master.key`
-`config/credentials/*.key`
- ❌ Any file containing passwords, tokens, or API keys
### Generated Files
-`log/*.log`
-`tmp/**`
-`public/assets/**` (compiled assets)
-`node_modules/`
-`coverage/`
-`.byebug_history`
### Database
-`*.sqlite3`
- ❌ Database dumps
-`dump.rdb`
### Local Environment
-`.DS_Store`
-`.idea/` (IDE files)
-`.vscode/`
-`*.swp`, `*.swo`
### Docker
-`docker-compose.override.yml` (local overrides)
## 🔍 Current .gitignore
Your `.gitignore` file already covers all sensitive files:
```gitignore
/.env
/.env.local
/config/master.key
k8s/secrets.yaml
k8s/sealed-secrets.yaml
```
These patterns prevent accidental commits of secrets.
## 🛡️ Double Check Before Pushing
Before pushing to GitHub, always verify:
```bash
# Check what will be committed
git status
# Review changes
git diff
# Ensure no secrets
grep -r "password\|token\|secret\|key" --include="*.rb" --include="*.yml" | grep -v ".example"
```
## ⚠️ If You Accidentally Commit a Secret
1. **Immediately revoke the secret** (regenerate token, change password)
2. Remove from git history:
```bash
git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch path/to/file' \
--prune-empty --tag-name-filter cat -- --all
```
3. Force push: `git push origin main --force`
4. Rotate all credentials
5. Consider the secret compromised
Better: Use [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/) or GitHub's secret scanning.
## 📦 What Gets Built vs What Gets Committed
### Committed to GitHub (Source)
```
Source Code (.rb, .js, .css)
Configuration Templates (.example files)
Kubernetes Manifests (with placeholders)
Documentation (.md files)
```
### Built by GitHub Actions (Artifacts)
```
Source Code
Docker Build
Docker Image
Pushed to Gitea Registry (PRIVATE)
Deployed to Kubernetes
```
## 🔄 Workflow
1. **Code** → Push to GitHub (public)
2. **GitHub Actions** → Build Docker image
3. **GitHub Actions** → Push to Gitea (private)
4. **Kubernetes** → Pull from Gitea
5. **Deploy** → Run your app
## ✨ Summary
| Item | GitHub | Gitea | k8s |
|------|--------|-------|-----|
| Source Code | ✅ Public | 🔄 Mirror | ❌ |
| Docker Images | ❌ | ✅ Private | 🔽 Pull |
| Secrets | ❌ | ❌ | ✅ Encrypted |
| Documentation | ✅ Public | 🔄 Mirror | ❌ |
| k8s Manifests | ✅ Templates | ❌ | ✅ Applied |
## Questions?
- "Can I commit database.yml?" → ✅ Yes (if it uses ENV vars, not hardcoded passwords)
- "Can I commit Dockerfile?" → ✅ Yes (it's build instructions, not secrets)
- "Can I commit my .env?" → ❌ NO! Use .env.example
- "Can I commit k8s/secrets.yaml?" → ❌ NO! Use secrets.yaml.example
- "Should I commit migrations?" → ✅ Yes
- "Should I commit seeds.rb?" → ✅ Yes (but use fake data, not real user data)
---
**Remember:** When in doubt, don't commit. You can always add files later, but removing secrets from history is painful.
Reference in New Issue View Git Blame Copy Permalink