AlanSTACK
AlanSTACK

Reputation: 6065

Does GitHub save all commits ever pushed to remote?

Background

I recently made some changes on my local branch and pushed to remote branch.

git push origin

After realizing my mistake, I reset my local branch and force pushed to remote branch.

git reset HEAD~10 --hard
git push origin HEAD --force

However, when checking old links to "browse this repository" at a certain commit - they still work. What gives?

enter image description here

It should be noted that this behavior isn't just confined to GitHub but also present in other popular version control software like GitLab.

Question

Will the remote branch eventually automatically delete these zombie commits or will I have to do something to expunge them manually? If so, how?

Upvotes: 1

Views: 696

Answers (2)

torek
torek

Reputation: 488253

Git itself keeps commits for a while:

  • Forever, if they're reachable (see Think Like (a) Git for a good definition of reachable).
  • For some indeterminate amount of time otherwise.

Cloning a repository with unreachable commits generally doesn't copy the unreachable commits,1 but sites like GitHub and GitLab allow you to access each commit by its raw hash ID number, provided you already know the number. This means that even though the commit is unreachable—making it impossible for someone to find the hash ID—if that someone already knows the hash ID, via some other communications channel, that person can still get at the commit.

An administrator can accelerate the purging of unreachable commits.


1Git doesn't promise this, though.

Upvotes: 1

bk2204
bk2204

Reputation: 76529

GitHub by default does not purge old objects. Other services may or may not run git gc (or other forms of purging old objects) on a periodic basis.

In fact, in general, Git does not purge unreachable objects until after some time has passed. Running git gc will eventually cause them to be purged after the time for them to be referenced has passed.

If you have pushed something like a secret to the repository, you must assume that it has been compromised and everyone on the planet now knows it, so you should rotate that secret. If it is other sensitive information, GitHub has a guide explaining what to do. You'll need to remove the commit from the history, which it sounds like you've already done, and then contact GitHub Support to have them remove the unreachable objects.

Upvotes: 2

Related Questions