Is it dangerous to keep a store's theme saved in a public repo on GitHub?

Solved
nicklocicero
Tourist

I am thinking of developing a theme for my store and wonder if keeping version control should be strictly private for a store or if it's okay to have it in GitHub.

Accepted Solution (1)

PaulNewton
Shopify Partner

This is an accepted solution.

Reminder: Do not place in publicly accessible areas themes from the theme store or other themes for which you do not have redistribution rights.

FYI: GitHub offers private repos for free accounts, since the Microsoft acquisition afaik. github.com/pricing

In general, for a public repo, as long as you follow best practices, it's not dangerous.

Meaning your theme contains no secrets: private API keys, customer names, confidential business logic, or privately licensed code from vendors or apps for which you do not have redistribution rights, etc.

Confidential business logic can be something as minor as logic that operates on a special customer tag to offer discounts that should not be public.

Another consideration is if you are connecting the theme on the Shopify store to the GitHub integration, in which case ALL stakeholders or theme contributors MUST be aware that whatever they put in the theme will be on the PUBLIC repo; thus they need to follow privacy practices as well.

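One way to check a theme for the items the accepted answer lists (API keys, customer data, tag-based discount logic) before it is pushed to a public repo. This is an added example, not code from the thread or from Shopify. The rule set, the `shp..._` token prefixes with 32 hex characters, the file suffixes and the sample content are assumptions of the example, and a hit is a prompt for manual review rather than proof of a leak.

```python
import re
import sys
from pathlib import Path

# Assumed rules (not from the original thread). Shopify-issued tokens are assumed
# to use the prefixes shpat_/shpca_/shppa_/shpss_ followed by 32 hex characters.
RULES = {
    "shopify-token": re.compile(r"\bshp(?:at|ca|pa|ss)_[0-9a-fA-F]{32}\b"),
    "generic-secret": re.compile(r"(?i)\b(?:api[_-]?key|secret|password|access[_-]?token)"
                                 r"['\"]?\s*[:=]\s*['\"][^'\"]{12,}['\"]"),
    "customer-tag-logic": re.compile(r"customer\.tags\s+contains\s+['\"][^'\"]+['\"]"),
    "email-address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
THEME_SUFFIXES = {".liquid", ".json", ".js", ".css"}


def scan_text(path, text):
    """Return (path, line_number, rule) for every rule hit in one file's text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, number, rule))
    return findings


def scan_theme(root):
    """Scan every theme source file under root; matched values are never echoed."""
    findings = []
    for file in sorted(Path(root).rglob("*")):
        if file.is_file() and file.suffix in THEME_SUFFIXES:
            text = file.read_text(encoding="utf-8", errors="replace")
            findings += scan_text(str(file.relative_to(root)), text)
    return findings


# Constructed sample: hypothetical tag name, placeholder token, example address.
SAMPLE = "\n".join([
    "{% if customer.tags contains 'wholesale-2024' %}20% off{% endif %}",
    "<script>var token = '" + "shpat_" + "0" * 32 + "';</script>",
    "<p>Questions? Contact support@example.com</p>",
])

if __name__ == "__main__":
    hits = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else scan_text("sample.liquid", SAMPLE)
    for path, number, rule in hits:
        print(f"{path}:{number}: {rule}")
    sys.exit(1 if hits else 0)
```

Run with the theme directory as the only argument; the non-zero exit status on any hit lets it serve as a pre-commit or CI gate.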

Replies 3 (3)
nicklocicero
Tourist

Thanks, a great answer and it will be helpful to others in the future.

PaulNewton
Shopify Partner

Also see the Dawn reference repo github.com/Shopify/dawn for examples of generic theme code meant for public view.