This article reviews some of the best practices when it comes to adding files to your own repositories. Resist the urge to add things in Git that will make it harder to manage; here’s what to do instead. By Seth Kenlon (Red Hat).
Know your repo - This is arguably Rule Zero for a secure Git repository. As a project maintainer, whether you started it yourself or you’ve adopted it from someone else, it’s your job to know the contents of your own repository. You might not have a memorized list of every file in your codebase, but you need to know the basic components of what you’re managing.
In addition to the usual POSIX tools, you can detect binaries using git diff. When you try to diff a binary file using the
--numstatoption, Git returns a null result
$ git diff --numstat /dev/null pixel.png | tee
- - /dev/null => pixel.png
$ git diff --numstat /dev/null file.txt | tee
5788 0 /dev/null => list.txt
The article then describes following practices:
- Know your repo
- Ban binary blobs
- Keep third-party libraries third-party
- Resist a blind git add
- Use Git ignore
- Review merge requests
Git is meant for text, whether it’s C or Python or Java written in plain text, or JSON, YAML, XML, Markdown, HTML, or something similar. Git isn’t ideal for binary files. Some great advice here!
[Read More]