Creating a .gitignore file - How we can use git ignore to prevent adding unwanted files to git

A .gitignore file is a simple and effective way to keep unwanted files out of a git repository. It can ignore whole files and directories, and it also supports more complex and partial rules that ignore only selected files.

Video Transcript

Hello everyone. Welcome to another video. Today we're going to be talking about the .gitignore file. Exactly what this is, how do we use it and when should we use it.

What is a .gitignore file?

Simply put, the .gitignore file is essentially a list of instructions of files or file directories or types of files that git should ignore. Hence the name .gitignore.

Now git is a great tool. It's a fantastic way of sharing, distributing and managing our source code, particularly in team environments, but it can be used in some ways that are unintended.

For example, git is not a replacement for Dropbox and shouldn't host large-scale files because these end up bloating up the system. Because git keeps a record of everything including the history. And these files can end up being very large and take out a lot of space.

Git is also a terrible place to store sensitive information because it's distributed in so many different places and we have no visibility over where source code ends up. API keys, security certificates and other secrets should never enter into a git repository, even if it's private.

But the .gitignore file can be included in your repository and cloned with your repository, meaning that everyone can have the same set of instructions about what files should be ignored on their machine.

What are the two types of .gitignore files?

Now before we get started, it's important to know that there are two types of gitignore files.

The first one is your local gitignore file, which of course works on a singular project or a singular repository, and the other one is your global gitignore file. This is where you want to implement rules that will affect all of your projects on your machine.

Both are important and you should use both of them. The local one will override the global one and they should both have relatively different information.

We'll have a look at local first and then we'll dive into how to quickly set up a global one at the end, but they all follow the same rules.

Okay, so on my screen right now, we have a very simple Python project. We're just going to use this to illustrate some of the features of the .gitignore file. First thing we need to do is create the .gitignore file and then we're going to open our .gitignore file.

Let's create a couple of files that we probably don't want in our git repository but regularly end up here. So for example an environment variable file, which regularly contains secrets such as API keys that we load into local memory. This can be a really sensitive file so by default we probably don't want to have this included. If I run git status you'll see all these files that are currently being tracked. This includes my .env file. What this means is if I do a command like git add --all, which I would discourage, but if you do, then this is going to be captured into your local git stash and eventually will be pushed into your remote repository if you proceed.

So one simple thing we can do is just prevent git from tracking this file. So here in our .gitignore file we're just going to add .env. We're going to save that and now we run that exact same command: git status. You'll see magically that there is no longer a .env file being tracked in this. So we can do something that I would discourage but we'll do it now and we can add this all to our local stash, and if we look in our local stash we'll see that our env file is no longer there.

But we can actually do much more complicated things with this as well, other than just ignoring certain types of files. So let's say for example that we're going to create a directory here called logs and in this directory logs we're just going to create three files called example.log, important.log and debug.log. Now of course we can add each one of these by name but maybe this is being added automatically to it. Maybe we don't know the name of everything and we want to be sure. So it's easy just to ignore this entire folder directory.
We can do that by just adding /logs and saving that, and now it's going to ignore that entire directory. So when I go git status now you'll see that we've modified the .gitignore but our logs folder is being ignored entirely. If I was to remove this and run the same command then we'll see that the directory logs and all the files within it are being included.

Now we can also exclude certain types of file extensions. In my directory now, you'll notice we have a Photoshop file, a graphics.psd. These can be very large files and are not meant to be in your git repository because they should be shared with different team members. It's not what they are, it is not what git has been designed to store for, and these can bloat up your git history. They can take up a lot of space on different machines and backup areas so it's really important that we don't include really large files in git repositories. At the moment, as always by default, this file is being tracked, but if we want to ignore all psd files, all Photoshop files or any other types of files, then we can add the command with the asterisk, the wildcard, and then put .psd. Now, this is saying that we're going to ignore all of this type of folder. If I run the same command now we no longer are tracking that graphics.psd in our git history. That will be ignored along with all other Photoshop files, and we can also do that with other file types. For instance, if we want to ignore all .log files then we can do that as well.

We can also exclude files in a specific path. For example, if we have a directory called important and inside this directory we have another one called super important and in that we have a file called top secret.
If we want to keep everything in both that important and that super important directories but we don't want to include that top secret file, then we can just add that exact path into our .gitignore file and this file will no longer be tracked. We can do that with any number of different files.

We can also create exceptions. Let's say the scenario that I have a file called important.log. Now with our current setup of our gitignore file this is being ignored. It's not being tracked. That's because we have a rule that says to ignore all log files, but in this case let's say that I really want to include this. It contains information that's useful for my team. Well, I can add an exception. I can add, using the exclamation point, the name of that file, and now when I run it we'll see that this file is now being tracked. Without an exception that we're allowing that area.

We can also do lots more complicated things with .gitignore files. For instance, if we want to ignore not just one logs directory but every single directory named logs, we can do that using double asterisks. We can also use these wildcard commands to make up the names. For instance, inside our logs folder, if I wanted to ignore every folder containing the days of the week then I could type in logs/*day/ and now I'm going to ignore all the logs like monday, wednesday, thursday, friday inside that logs folder.

There's lots more patterns and rules that you can use in a .gitignore file and you can find examples of these on GitHub's website, for example, where they have lots of useful templates that you can start with depending on what your project is. So you don't have to start from scratch, but looking at these and after this video you'll have a good understanding about what each of these rules and expectations are actually outlining and how it's going to affect your product.

At the start I did say that there were two types of gitignore files and we're just going to quickly show you how to set up a global one right now.
Generally speaking, most people will set this up in the root directory of their machine. Other people will set it up in a specific folder. I'm just navigating into the root directory of my machine. So I'm on a Mac, it will be slightly different if you're on Windows, but we're just going to create a .gitignore file here and then we need to configure it and we need to tell git that we have this global file that we want to use. So we're going to configure this by going git config --global, then we're going to use core.excludesfile. Here we need to put in the file path. I don't have one because I'm navigated into my root and the file's in my root. So I'm just going to put .gitignore, but if you have it in a specific file here it's where you put that in. And that's it. You can follow all the same rules that we just talked about of what we have on a local gitignore file and implement them globally.

So I hope that you found this video useful. I hope that you will consider using .gitignore files now. If you have any questions reach out in the comments or you can follow me on Twitter, my handle is @advocatemac. Feel free to ask any questions. Give the thumbs up if you found this video useful and be sure to subscribe to the GitGuardian YouTube page for lots more content like this. Thanks for watching everyone and I hope you have a great day.
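
The rules from the walkthrough can be checked mechanically before anything is staged. The script below is an added example, not part of the original video or page: it builds a scratch repository and asks git which paths it ignores, including the case where an exception such as `!important.log` has no effect because its parent directory is itself ignored. The function names and the sample file names are assumptions made for the illustration.

```shell
# Added example; every file name below is constructed sample data.
# make_repo DIR: create a scratch repository with the sample tree.
make_repo() {
    mkdir -p "$1/logs" "$1/important/superimportant" &&
    git init -q "$1" &&
    for f in .env app.py graphics.psd logs/example.log logs/important.log \
             logs/debug.log important/superimportant/topsecret.txt; do
        : > "$1/$f" || return 1
    done
}

# write_rules DIR: secrets file, file types, an exception, one exact path.
write_rules() {
    cat > "$1/.gitignore" <<'EOF'
.env
*.psd
*.log
!important.log
important/superimportant/topsecret.txt
EOF
}

# write_rules_with_dir DIR: the same rules plus the /logs directory rule.
# git never looks inside an ignored directory, so the !important.log
# exception stops working once /logs is listed.
write_rules_with_dir() {
    write_rules "$1" && printf '/logs\n' >> "$1/.gitignore"
}

# is_ignored DIR PATH: succeed if git ignores PATH. HOME is redirected so
# a global ignore file on this machine cannot change the result.
is_ignored() {
    ( cd "$1" && HOME="$1" XDG_CONFIG_HOME="$1/.xdg" \
        git ls-files --others --ignored --exclude-standard ) |
        grep -qxF -e "$2"
}

# demo: print the verdict for sample paths under both rule sets.
demo() {
    repo=$(mktemp -d) && make_repo "$repo" || return 1
    for rules in write_rules write_rules_with_dir; do
        "$rules" "$repo" && echo "== $rules"
        for p in .env app.py graphics.psd logs/example.log logs/important.log; do
            if is_ignored "$repo" "$p"; then echo "ignored  $p"; else echo "visible  $p"; fi
        done
    done
    rm -rf "$repo"
}
if command -v git >/dev/null 2>&1; then demo; fi
```

For a single path in a real repository, `git check-ignore -v <path>` reports which rule in which file matched it.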