63 lines
1.7 KiB
Bash
Executable File
63 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Script to remove sensitive files from git history
|
|
# WARNING: This will rewrite git history!
|
|
|
|
echo "WARNING: This script will rewrite git history to remove sensitive files."
|
|
echo "Make sure you have a backup of your repository before proceeding."
|
|
echo ""
|
|
read -p "Do you want to continue? (y/N): " -n 1 -r
|
|
echo ""
|
|
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Aborted."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Removing sensitive files from git history..."
|
|
|
|
# Files to remove from history
|
|
FILES_TO_REMOVE=(
|
|
"CLAUDE.md"
|
|
"package.json"
|
|
"package-lock.json"
|
|
"composer.json"
|
|
"composer.lock"
|
|
".playwright-mcp/*"
|
|
"tests/*"
|
|
"*.json"
|
|
".env"
|
|
".env.*"
|
|
)
|
|
|
|
# Remove each file from git history
|
|
for file in "${FILES_TO_REMOVE[@]}"; do
|
|
echo "Removing $file from history..."
|
|
git filter-branch --force --index-filter \
|
|
"git rm -rf --cached --ignore-unmatch $file" \
|
|
--prune-empty --tag-name-filter cat -- --all 2>/dev/null || true
|
|
done
|
|
|
|
echo ""
|
|
echo "Cleaning up..."
|
|
|
|
# Clean up refs
|
|
git for-each-ref --format="%(refname)" refs/original/ | xargs -n 1 git update-ref -d
|
|
|
|
# Expire reflog
|
|
git reflog expire --expire=now --all
|
|
|
|
# Garbage collect
|
|
git gc --prune=now --aggressive
|
|
|
|
echo ""
|
|
echo "Done! Sensitive files have been removed from git history."
|
|
echo ""
|
|
echo "IMPORTANT NEXT STEPS:"
|
|
echo "1. Review the changes with: git log --oneline"
|
|
echo "2. Force push to remote: git push --force --all"
|
|
echo "3. Tell all collaborators to re-clone the repository"
|
|
echo "4. Update any CI/CD secrets that may have been exposed"
|
|
echo ""
|
|
echo "The following files are now in .gitignore and won't be committed again:"
|
|
cat .gitignore | grep -E "CLAUDE|json|.env|playwright|test" | head -10 |