🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Open Source Release

by @jini92

Convert a private repository to public open-source. Use when making a repo public, sanitizing personal info from code/docs/git history, or preparing a projec...

Versionv1.1.0
Downloads759
Installs1
TERMINAL
clawhub install opensource-release

πŸ“– About This Skill


name: opensource-release description: Convert a private repository to public open-source. Use when making a repo public, sanitizing personal info from code/docs/git history, or preparing a project for open-source release. Triggers on "open source", "make public", "public release", "sanitize repo".

Open Source Release

Safely convert a private repo to public by sanitizing personal data and cleaning history.

Pre-flight Checklist

1. Scan source code β€” search for: - Absolute paths: C:\Users\, home directory references - Usernames: OS-specific account names - Internal hostnames / port names - API keys / tokens: .env, hardcoded secrets - Email / phone numbers in commit author config

2. Check cached artifacts β€” ensure .gitignore covers: - Binary caches (.pkl, .db, checksums.json) - __pycache__/, node_modules/, .env, *.egg-info/ - Project-specific cache directories

Sanitization Steps

Step 1: Code Scan

# Find hardcoded paths and usernames
Get-ChildItem -Recurse -Include "*.py","*.ps1","*.js","*.ts" |
  Select-String -Pattern "C:\\Users|/home/|your-username" -SimpleMatch |
  Where-Object { $_.Path -notmatch "__pycache__|node_modules|\.git" }

Fix: replace with environment variables (os.environ.get / process.env) and add a .env.example.

Step 2: Docs Scan

Get-ChildItem -Recurse -Include "*.md","*.txt","*.yaml","*.yml" |
  Select-String -Pattern "C:\\Users|/home/|your-username" -SimpleMatch |
  Where-Object { $_.Path -notmatch "node_modules|\.git" }

Replace personal paths with generic placeholders ($VAULT_PATH, ~/vault, etc.).

Step 3: Git History Analysis

git log --all -p | Select-String -Pattern "SENSITIVE_TERM" | Select-Object -First 50
git log --all --diff-filter=A -- "cache/*"

Choose a strategy:

  • < 50 commits + cache only in history β†’ Option B (clean push)
  • Large history with sensitive data β†’ Option A (BFG Repo Cleaner / git filter-repo)
  • History is fine, just old paths β†’ Option C (leave as-is)
  • Step 4: Clean Push (Option B)

    git checkout --orphan clean-main
    git add -A
    git commit -m "feat: initial public release"
    git remote set-url origin https://github.com/{owner}/{repo}.git  # verify no token in URL!
    git branch -M main
    git push origin main --force
    git push origin --delete {old-branch}
    

    Step 5: Make Public

    gh repo edit {owner}/{repo} --visibility public --accept-visibility-change-consequences --description "Short description"
    

    Step 6: Verify

    # Final scan for sensitive strings
    Get-ChildItem -Recurse -Include "*.py","*.md","*.yaml","*.js","*.ts" |
      Select-String -Pattern "SENSITIVE_TERM" -SimpleMatch |
      Where-Object { $_.Path -notmatch "__pycache__|node_modules|\.git" }

    Confirm remote URL has no token

    git remote -v

    Confirm visibility

    gh repo view {owner}/{repo} --json visibility

    Step 7: Post-Release Housekeeping (Optional)

  • Add issue tracking to HEARTBEAT.md
  • Update memory/{project}.md with release notes
  • Gotchas

  • Never include tokens in git remote URLs β€” always verify before push
  • Binary caches not covered by .gitignore may already be in history β€” check carefully
  • Encoding issues on Windows β€” use UTF-8 explicitly in PowerShell/Python
  • Your GitHub username is already public β€” that is fine to leave as-is
  • Never commit .env files β€” add to .gitignore if not already there