for a small startup , I employed some remote developers. However, I only want to reveal the necessary codes to a certain developer, not the entire source code.
is this kind of feature offered by GitHub? If not, please provide a workaround.
Many thanks
With git repositories in GitHub there is no way to prevent a developer from cloning the whole repository and GitHub can't filter the contents of the repository to leave out part of the data. Permissions in GitHub can only prevent access to a repository, make the whole repo read-only or grant write access to the repository.
If you really want to limit access, you'll need to split your solution into multiple pieces, each in their own git repository. You can then set permissions for each repository in GitHub.
As a developer myself I caution you against this. A developer with only part if the sources would have a hard time verifying their changes work in way you intend to and it might make it much harder for them to debug any issues that happen in development.
Related
I have a GitHub repo that has multiple contributors making changes at the same time. I'm having conflicts with merging pull requests because by the time someone wants to submit changes they've made to be reviewed, someone else who had been working on a portion of the code in the same file will end up having an outdated repository on their local device. Whenever they plan to make their pull request with the changes, the repository had already been changed.
What is the proper way to submit changes through the command line before making a pull request to ensure you have the updated repository and the changes on your local device arent removed by re-pulling?
How should I properly be instructing my team to make changes to my repository while avoiding conflicts of files being updated?
What steps should I be taking when reviewing pull requests to make sure I am merging properly?
This is a very common scenario with version control tools like GitHub. There is NO solution to avoid merges completely, being in the same repository but there are a few ways that can help you reduce merges:
If possible, restructure your repo and make it modular for different teams.
See if you can use the concept of a common library and rearrange contents in various smaller repositories.
THE BEST way is to ask all contributors to make small and very frequent changes. This will increase no. of pull requests but it will make review quick for reviewers. And you also need to ensure there is no pipeline being formed for pull request review.
Thanks!
we have a UI mono repo using NX workspace , we are sharing code with multiple teams.Is there a way
To allow access to Team members only the modules they own?
To create PR which can be viewed and approved by module owners (Team only)?
No, read access = entire repo. If you're using a mono repo, then read access to all or no access. See: Information about Managing Teams
Read access for PRs is same as above, but you can require certain groups of approvers for PRs that include certain paths when merging to particular branches. See Information about Code Owners and Protected Branches
No, there is no way to restrict access to only part of a repository. The Git documentation is very clear that anyone who can read or write to a repository can access all of the contents of that repository. From the gitnamespaces(7) manual page:
The fetch and push protocols are not designed to prevent one side from stealing data from the other repository that was not intended to be shared. If you have private data that you need to protect from a malicious peer, your best option is to store it in another repository. This applies to both clients and servers.
If you need granular permissions, you need multiple repositories. I generally recommend against monorepos because they usually end up growing very large and then performing poorly (well after it's too late to fix), but this is also another reason why they're a bad idea.
As for PRs which can be approved by module owners, it depends on the platform. GitHub has the CODEOWNERS file, which can be used to mandate that files owned by certain teams require a review from that team.
The motivation is that we're starting to feel policy drift and maintenance headaches because of non-programmable (or non-codified) repository and or organization settings.
For example we might need to remove a specific team from accessing 50/100 repos. Or we might need to enable a new github feature (like auto-merge) for all of those repos. Sometimes the codeowner forgets to enable linear history and a contributor merge-commits.
At scale, clicking buttons doesn't work.
The best solution I can come up with is a script that makes idempotent calls to the Github API. Another partial solution might be to start using monorepos.
Is there any better way to solve the problem I'm facing?
I want to know whether the following thing can be achieved by Github Actions or other Github feature:
I have a repository having hundreds of file, I want to share only a few files by my developer/ team. (They can only able to saw those few files, I shared).
The program can only run successfully if a developer has all those files(hidden and unhidden both).
So, is there any way through which I can hide all my code from the team, and whenever they pull the repository, all those hidden files should be downloaded in an encrypted way, and rest unhidden files can be accessed by the developer and they can execute the whole repository successfully.
If it's not possible with Github, is there any alternative tool through which I can achieve this?
Thanks
Git does not provide access control to only parts of repositories, and it's not intended to. From gitnamespaces(7):
The fetch and push protocols are not designed to prevent one side from stealing data from the other repository that was not intended to be shared. If you have private data that you need to protect from a malicious peer, your best option is to store it in another repository. This applies to both clients and servers.
So if you want to give a user access to only a few files, they need to live in another repository with separate access control (that is not a fork of the original). That will involve a separate history.
If the user needs the other files in order to develop the software, then you'll just have to give them access, or you'll have to provide pre-built binary assets they can download to build against.
In general, it's not practical to not trust your developers with full code access. Usually one protects this access with legal means, like non-disclosure agreements, not technical measures, since technical measures are usually easily bypassed.
The company I work for uses TFS for its version control and has quite a strong opinion on data security.
With that in mind I'm unable to use source control services such as git due the capability being there to push your work to an external source.
My question is are there any git-like ways to manage your code which are PURELY LOCAL and do not offer the ability to push your changes to the internet? TFS does not seem to offer much in the way of local commits.
I've been told there's the shelving function however as a junior dev I would rather make any accessible code be in good standard before others can see it.
Thanks
I'm unable to use source control services such as git due the capability being there to push your work to an external source
That sounds like a rather odd reason. Even if you use a source control tool that does not support publishing the stuff, there is nothing that prevents you from simply uploading the contents manually somewhere. Sure, it requires manual work, but even that you could automate without introducing a version control system that does it.
The way you explain this also sounds as if you do have some kind of control of the tool you may end up using for this, so the company needs to trust you anyway to not publish the stuff.
And at that point, there is no reason not to use Git here: After all, it works completely offline, and you do not have to set up a remote which you could push to.
Taking things even further, if your company works with TFS, then you could utilize git-tfs which is a bridge between Git and TFS. With it, you can actually connect to your TFS, use Git locally, and then publish your changes (after you polished them) to the TFS. So it would all be a single integrated workflow, without you having to juggle between two different incompatible systems: You just commit using Git, and once you have a set of commits ready for checking them into the TFS, you can e.g. do git tfs checkin and make a single check-in for it.
I've been told there's the shelving function
The TFS shelvesets are also not offline; they are public in the same way the normal checkins are, it’s just that they live on the side without affecting the normal TFS repository. And they are quite cumbersome to work with too (since they don’t give you a history).