What's the easiest way to deal with project configuration files?
Filter drivers are the "automatic" way of implementing option 3, as detailed in "when you have secret key in your project, how can pushing to GitHub be possible?":
The `smudge` script will, on checkout:
- detect the right config files to modify
- fetch the information needed (best kept outside any Git repo) and replace the template values with the actual ones.
From there the developers can make any kind of modification they want to those config files.
It won't matter, because the `clean` script will, on commit, restore the content of that file to its original (template) value. No accidental push there.
The way we did it on the last project I worked on was to have a master config file that loaded a user's local config file if it was present, which could overwrite the defaults set in the master if specified and declare its own config info if not present in master. The local file was added to gitignore. That way all common stuff could be shared, some config is always present, and each developer can modify their local file.
Since it took me a while to figure out a working solution with @VonC's hints, here's a full example of how to ignore passwords with a git clean filter in an Objective-C header file.
- Assume you have a default config script named `Config.h` containing this:

  ```
  // Change "12345" to your password
  #define kPass @"12345"
  #define kConstant 42
  ```

- Create a script `hidepass.sh` that matches the critical line(s) and prints the default line instead:

  ```
  #!/bin/sh
  awk '{ if (/#define kPass/) print "#define kPass @\"12345\""; else print $0; }'
  exit 0
  ```

  Make the script executable and add it to the repo.

- Tell git to filter your config file by adding this line to `.gitattributes` (also add `.gitattributes` to your repo):

  ```
  Config.h filter=hidepass
  ```

- Tell git to use the `hidepass.sh` script for the hidepass filter during clean:

  ```
  git config filter.hidepass.clean ./hidepass.sh
  ```
That's it, you can now change the password in `Config.h`, but git will not commit this change because it always replaces that line with the default line on check-in.
This is a quick solution for a one-line password; you can go crazy and, e.g., end the lines to be ignored with a special string and check for lines with that string.
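The clean filter above covers only the commit side; the first answer also describes a smudge step that injects the real value on checkout. The following is an added example, not code from any answer on this page, showing both halves in one script. The script name `hidepass-filter.sh` and the `KPASS` environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one script serving as both filter halves for the
# "#define kPass" line in Config.h.
# Assumed wiring (script name and KPASS variable are hypothetical):
#   git config filter.hidepass.clean  "./hidepass-filter.sh clean"
#   git config filter.hidepass.smudge "./hidepass-filter.sh smudge"
#   git config filter.hidepass.required true   # a failing filter aborts the operation

TEMPLATE_LINE='#define kPass @"12345"'

# clean (stdin -> stdout): runs when the file is staged. Whatever password is
# in the working tree, the stored blob gets the template line back.
hidepass_clean() {
    TEMPLATE_LINE="$TEMPLATE_LINE" awk '
        /^#define kPass / { print ENVIRON["TEMPLATE_LINE"]; next }
        { print }'
}

# smudge (stdin -> stdout): runs on checkout. Injects the real value, which
# lives outside the repository (here: the KPASS environment variable).
hidepass_smudge() {
    if [ -z "${KPASS:-}" ]; then
        echo "hidepass: KPASS is not set, refusing to smudge" >&2
        return 1
    fi
    # A quote or backslash would break out of the Objective-C string literal.
    case $KPASS in
        *'"'*|*'\'*)
            echo "hidepass: KPASS contains a double quote or backslash" >&2
            return 1 ;;
    esac
    # ENVIRON passes the value verbatim, so characters such as "&" that a
    # sed replacement would interpret come through unchanged.
    KPASS="$KPASS" awk '
        /^#define kPass / { print "#define kPass @\"" ENVIRON["KPASS"] "\""; next }
        { print }'
}

# Dispatch when invoked by Git as "<script> clean" or "<script> smudge".
case "${1:-}" in
    clean)  hidepass_clean ;;
    smudge) hidepass_smudge ;;
esac
```

The filter definitions live in each clone's local Git configuration, not in the repository, so a fresh clone that has `.gitattributes` but no `filter.hidepass.*` settings passes `Config.h` through unfiltered.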
In projects I have been on, we have a default config, and developers have their own config at a particular location outside version control (convention over configuration) - the values from the latter are used to override those in the former.
We started using encryption for sensitive details in the config: Handling passwords in production config for automated deployment
In the case of git, you can look at the gitattributes `filter` attribute to do both the replacement of local values and decryption of sensitive values in an automated way.
You can also have submodules which have, say, the `production.yml`, with restricted access to the submodule repo.