Sheogorath's Blog

Publish your work while keeping a private fork


I have many software projects I work on daily, and a lot of them would be nice to see published as Open Source or Free Software.

But there are always concerns like

  • “What if I want to add some feature I don’t want to publish?”
  • “When I publish it, I have to totally separate private and public data which makes the handling way more difficult”

and some others…

I started my infrastructure repository a while ago and published it under GPL-3.0.

While this was done as preparation, I have now started to use it, and of course I faced a problem: I wanted to continue to work with this published repository, but some information is private, like URLs, mail addresses and more. It is all placed in group_vars/ and I try to build it like it's not needed.

But of course I want to track the changes in my git repository and push them to an upstream repository. Since that’s what it’s for.

After a little moment of thinking about it, I came up with a simple solution for the problem: a separate branch that is pushed to a private repository instead of the public one.

How to do it

First of all, create a separate branch. I named mine deploy.

git checkout -b deploy

You are now in this branch and can add your private changes:

# Add the group_vars directory with all its changes
git add group_vars/
# Check the changes so you don't commit something you want to be public
git diff --cached
# Commit your changes when everything is fine
git commit

You committed the changes you wanted to keep private.

Now create a private repository somewhere. In my case it's on GitHub, but of course you can use whatever you want. From your own box with SSH access or a self-hosted Gitea or GitLab to a hosted solution like BitBucket or

Once it’s created, you copy the repository URL and add it as remote:

# Replace the placeholder with the URL you copied
git remote add private <private-repository-url>

Now you only need to make sure you push your stuff into the right repository:

git push --set-upstream private deploy

Once you have run this, you can use the usual git push on the deploy branch to push your changes to this private repository, while everything you commit to master and git push is pushed to the published repository.

How to develop in this setup

Once you have this setup running, the remaining question is: how do you use it?

Usually you develop things in master, since you want to continue to publish your work:

# Checkout master branch if you haven't already switched
git checkout master
# Make your changes
# Add the changes
git add <changed-files>
# Make sure no private information made it to your staging area
git diff --cached
# Commit the changes
git commit

So you committed your changes now. With git push they are published in your public repository. But you still need to get these changes into your own infrastructure.

This can be done this way:

# Checkout your deploy branch
git checkout deploy
# Merge the changes from master. Keep in mind you may have to resolve some conflicts
git merge master
# Push the changes to your private repository
git push

Warning: Only ever merge from the master branch into the deploy branch, never the other way around. If deploy is merged into master, all your private changes are published with the next push!
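One way to enforce this warning mechanically, as an added example that is not part of the original post: a pre-push hook that blocks pushes which would send the deploy branch, or new commits touching group_vars/, to any remote other than private. The hook location (.git/hooks/pre-push) and the function name check_push are choices made for this example; the remote, branch and directory names are the ones used in the post.

```sh
#!/bin/sh
# .git/hooks/pre-push (added example). Git runs it as
#   pre-push <remote-name> <remote-url>
# with one line per pushed ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
PRIVATE_REMOTE=private     # remote name from the post
PRIVATE_BRANCH=deploy      # branch name from the post
PRIVATE_PATH=group_vars/   # directory holding the private data

# Returns 0 if the push may proceed, 1 if it would publish private data.
check_push() {
    remote=$1
    # Anything may go to the private repository.
    [ "$remote" = "$PRIVATE_REMOTE" ] && return 0
    while read -r local_ref local_sha remote_ref remote_sha; do
        # An all-zero local sha means a remote branch is being deleted.
        case $local_sha in *[!0]*) ;; *) continue ;; esac
        # The deploy branch itself must never reach another remote.
        if [ "$local_ref" = "refs/heads/$PRIVATE_BRANCH" ] ||
           [ "$remote_ref" = "refs/heads/$PRIVATE_BRANCH" ]; then
            echo "pre-push: $PRIVATE_BRANCH must not go to '$remote'" >&2
            return 1
        fi
        # Commits the remote does not have yet that touch the private
        # directory, e.g. after merging deploy into master by mistake.
        leaked=$(git rev-list "$local_sha" --not --remotes="$remote" \
                     -- "$PRIVATE_PATH")
        if [ -n "$leaked" ]; then
            echo "pre-push: commits touching $PRIVATE_PATH:" >&2
            echo "$leaked" >&2
            return 1
        fi
    done
    return 0
}

# Run the check only when installed as the hook, not when sourced.
case $0 in
    */pre-push) check_push "$1" || exit 1 ;;
esac
```

Hooks are not copied by git clone, so the file has to be installed (and made executable) in every working copy you push from.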

And that’s it!

I hope this helps you to work with published projects when you have some private features or configuration in the repository. It’s very simple and it helps to make more software FOSS-ready or provide useful examples based on production setups online.

Feel free to comment or say hi on Mastodon!