blob: e5fbb05f5cd2fd9aba90f50651a8c13f20a78b2a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
## Background
- I recently used `git-filter-repo` to scrub cleartext secrets from a
repository.
- We pin some services' deployments to commit SHAs.
- These commit SHAs are no longer reachable from `origin/main`.
## Problem
If `git` garbage-collects any of the commits to which services are pinned, and
that service attempts to redeploy, the deployment will fail.
`git for-each-ref --contains $SHA` will report all of the refs that can reach
some commit, `$SHA`. This may report things like:
- `refs/replace` (i.e. `git-filter-repo` artifacts)
- `refs/stash`
- some local branches
- some remote branches
One solution might involve creating references to avoid garbage-collection. But
if any of our pinned commits contains sensitive cleartext we *want* to ensure
that `git` purges these.
Instead let's find the SHAs of the new, rewritten commits and replace the pinned
versions with those.
## Solution
Essentially we want to find a commit with the same *tree* state as the currently
pinned commit. Here are two ways to get that info...
This way is indirect, but provides more context about the change:
```shell
λ git cat-file -p $SHA
tree d011a1dd4a3c5c4c6455ab3592fa2bf71d551d22 # <-- copy this tree info
parent ba88bbf8de61be932184631244d2ec0ec8205cb8
author William Carroll <wpcarro@gmail.com> 1664993052 -0700
committer William Carroll <wpcarro@gmail.com> 1665116042 -0700
feat(florp): Florp can now flarp
You're welcome :)
```
This way is more direct (read: code-golf-friendly):
```shell
λ git log -1 --format=%T $SHA
```
Now that we have the SHA of the desired tree state, let's use it to query `git`
for commits with the same tree SHA.
```shell
λ git log --format='%H %T' | grep $(git log --format=%T -1 $SHA) | awk '{ print $1 }'
```
Hopefully this helps!
|
