User Folder in Git Repo

Hi all! I'm just starting up a grav blog and was wondering the best way to use git with grav. I've created the basics of a custom theme, added the admin plugin, added a user, etc locally. I'm going to create a git and use this to pull on my server the latest theme changes etc. This also will save all my blog posts etc. I want to only upload the user folder so I don't have to worry about my version being behind/ahead etc. I'm wondering if I can safely upload the user/accounts folder to a public repo (for future employers to view my work etc) or any other folders I should avoid.

My current gitignore is this:

# Grav Specific
.sass-cache
composer.lock
cache/*
assets/*
logs/*
images/*
user/data/*

# All but user folder
.htaccess
CHANGELOG.md
CONTRIBUTING.md
LICENSE.txt
README.md
backup/
bin/  
composer.json
index.php
robots.txt
system/
tmp/
vendor/
webserver-configs/

but I haven't done any commits yet until I have you guys weigh in. Thanks!

I would think the only folders you'd want are user/themes and user/pages. Config would be nice, but it can contain sensitive info. Ignore everything else. Alternatively, create two repositories, one for theme and one for content.

if i don't have user/config then I have to update that on my remote each time if it changes (site description etc). I think the only sensitive one is security.yaml yes?

Depends on your plugins. Numerous plugins (e.g., recaptchacontact, loginoauth, iplocate) require API keys that you wouldn't want to expose. Site and system.yaml should be fine.

cool. i'll exclude those from my repo :)

Alternatively, you can use https://bitbucket.org/
Bitbucket Cloud is free for small teams of 5 members and you can use private repositories

i have private repos on github, that's not the issue. just wondering if i can host it on a public one and if i can what i should hide etc. thanks!

The user-folder is in essence safe to version with Git, even in a public repo, given that you're comfortable with the personal details often found in site.yaml: Commonly an email address.

As site.yaml and system.yaml is often considered sensitive, not for personal data, but for server configuration, I would just exclude those two specifically.

On a recent project I synced the user-folder entirely, barring these two files, including themes, plugins, pages, and plugin-configs. None of these contain personal data, as the email addresses used in the FrontMatter of pages were masked.

I would recommend .gitignore-ing user/data/ and user/accounts/