Free Git-based CMS setup using Decap CMS, standalone GitHub data repo and Netlify-based GitHub auth
Quick Info
Summary
1) Architecture / Design Overview
This is a free (zero-cost) Git-backed CMS and hosting setup using Decap CMS, a standalone public GitHub data repository, and Netlify-based GitHub authentication.
At a high level, the system has three clearly separated responsibilities:
A. GitHub (Source of Truth)
-
A public GitHub repository contains
data/data.json. -
This repository is the single source of truth for site content.
-
GitHub Pages is enabled on this repo, so the latest
data.jsonis always available at a public URL. -
Any frontend (Next.js, static site, etc.) can fetch this JSON at runtime.
B. Decap CMS (Content Editing UI)
-
Decap CMS runs entirely as a static admin UI (
/admin) hosted on a Netlify site. -
Editors authenticate using GitHub OAuth.
-
Decap CMS edits
data.jsonand commits changes directly to the GitHub repository via Netlify Identity + Git Gateway. -
No server, database, or custom backend is required.
C. Netlify (Minimal, Supporting Role)
Netlify is used only for:
-
Hosting the static Decap CMS admin UI
-
Providing GitHub OAuth authentication
-
Acting as a Git Gateway between Decap CMS and GitHub
The Netlify site is not the production site and not the canonical data source.
Even if Netlify builds are stopped, the system continues to work as long as authentication is available.
Data Flow (End-to-End):
-
Editor logs into
/adminof Netlify site using GitHub OAuth. -
Decap CMS reads the current content state from GitHub.
-
Editor edits content and clicks Publish.
-
Decap CMS commits changes to GitHub.
-
GitHub Pages automatically redeploys site resulting in updated
data.json. -
The frontend site fetches the updated JSON from GitHub Pages.
This achieves a Git-native CMS with:
-
No database
-
No custom backend
-
No paid hosting
-
A clean failure mode (GitHub remains usable even if CMS breaks)
2) Key Instructions / Operational Notes
Repository Structure
-
The GitHub repository must be public (for GitHub Pages access).
-
GitHub Pages should be enabled on the main branch.
Decap CMS Setup
-
Use a minimal
admin/index.html. -
Do not manually call
Decap.init()— Decap auto-initializes. -
Use
git-gatewayas the backend. -
Use GitHub OAuth only; email/password login is unnecessary.
Netlify Usage
-
Netlify is required only for:
-
Identity (OAuth)
-
Git Gateway
-
Hosting
/admin
-
-
Continuous deployment can be:
-
Enabled during setup and testing
-
Disabled later to minimize free-tier usage
-
-
Even if Netlify deployment is stopped:
-
CMS edits still update GitHub
-
GitHub Pages continues to serve updated data
Netlify site will have old data but that should be ignored
-
Frontend Integration
-
The frontend can fetch
data.jsonat build-time or runtime from GitHub Pages. -
The frontend does not need to know about Netlify or Decap CMS.
-
This keeps the production site fully independent of the CMS tooling.
Operational Discipline
-
Always
git pullbefore making local changes. -
If Decap CMS creates commits:
-
Pull them locally
-
Resolve merges immediately
-
Push without delay
-
-
Use Git tags (e.g.,
cms-stable-baseline created on 25 Jan. 2026) to mark known-good CMS states.
Final Outcome
This setup provides a low-cost, Git-native, editor-friendly CMS that:
-
Respects Git as the source of truth
-
Avoids vendor lock-in
-
Keeps production hosting independent and free
-
Degrades gracefully if CMS tooling ever fails
It is not a “polished enterprise CMS,” but it is a robust, transparent, and maintainable solution for small sites and cost-sensitive deployments.
Details
Core Comparison
Pages CMS
A lightweight, GitHub-centric CMS designed specifically to simplify content editing for static site generators like Next.js, Hugo, Astro, Jekyll, 11ty, etc.(pagescms.org)
Features include visual editing, rich text support, media management, search, and configuration via a single YAML file.(pagescms.org)
It aims for simplicity and an intuitive editing experience with minimal setup.(pagescms.org)
Typically accessed via a hosted web UI that commits changes back to the repository.(CMS Conf)
Decap CMS
The rebranded successor to Netlify CMS, maintained as an open-source project with a broader user base and community support.(decapcms.org)
Also Git-based, but tends to be more feature-rich and mature, with deeper extensibility and customization options (e.g., custom widgets, preview pipelines, Git Gateway for non-GitHub workflows).(decapcms.org)
Works with many static site generators and has more ecosystem discussion and tooling already in place.(decapcms.org)
When Pages CMS Is a Good Alternative
You would consider Pages CMS as an alternative to Decap CMS if:
Ease of Setup and Use Is a Priority — Pages CMS is designed to reduce configuration complexity and provide a friendly editing UI out of the box.(pagescms.org)
You’re Using GitHub and Static Site Generators — It directly integrates with GitHub and supports most flat-file workflows.(Jamstack.org)
Your Site Is Small to Medium — For blogs, documentation, and marketing sites where heavy content workflows aren’t needed, Pages CMS can be simpler.(CMS Conf)
When Decap CMS Might Be Preferable
Decap CMS may still be the better choice if:
You Need Advanced Customization — Decap has a more established plugin/widget ecosystem and richer editor capabilities.(decapcms.org)
Your Team Isn’t GitHub-Only — With Git Gateway, Decap can support editors without GitHub accounts.(decapcms.org)
Community and Longevity Matter — Being a more widely adopted project means more examples, community help, and long-term viability.(AlternativeTo)
Other Alternatives Worth Considering
Aside from Pages CMS and Decap CMS, there are other Git-based CMS options for static sites, such as:
Nuxt Studio — editing interface for Nuxt Content sites.(AlternativeTo)
TinaCMS — inline visual editing with React support.(libhunt.com)
Sveltia CMS — a modern replacement for Decap CMS with improved UX and i18n support.(npmjs.com)
Static CMS — another Git-based editing UI (though less actively maintained).(AlternativeTo)
Summary
| Feature / Aspect | Pages CMS | Decap CMS |
|---|---|---|
| Git-based | Yes | Yes |
| Ease of Setup | Higher | Moderate |
| Editing UI | Visual & simple | Rich & customizable |
| Maturity & ecosystem | Emerging | More mature |
| Supports non-GitHub workflows | Limited | Yes (via Git Gateway) |
Conclusion: Yes — Pages CMS can be an alternative to Decap CMS if your project needs simplicity, GitHub-first workflows, and a lightweight editing experience. For more complex workflows, deeper customization, or broader ecosystem support, Decap CMS may still be the stronger choice.(pagescms.org)
Me: I am experimenting with a Next.js template si-education that is static site landing page for an education site. It uses a data.json file to drive some of the elements shown in the landing page. I would like to have a web UI that enables editing this data.json, committing to GitHub which triggers a build. For deployment I am using GitHub Pages. There is an additional complexity but let me add that later. If Decap CMS has more features and is better established in the community, I prefer using that. I looked at its website. Its documentation is heavily tied to Netlify. That put me off a little. But if it works well with GitHub Pages too then I think I should use Decap CMS. Your comments please
[CG was helpful with the config.yml file creation. But on admin/index.html CG went off track and there were lot of issues. I did look at Decap CMS docs but in my quick browse, I could not locate an example suitable for my use case. The examples seemed to be more on the lines of single repo having website as well as data which probably was used by Static Site Generators in build process. The config.yml creation by CG perhaps led me to rely on CG for the index.html too. In hindsight, this was a mistake. Eventually, the issues we got into, got resolved with me looking at Decap docs and having a top level browse of Decap CMS GitHub repo code which included some examples (they were hard to locate or else I may have latched onto it earlier). ... In the sections below, I have given only some of the messages to focus on what is useful.]
Me: Great! Now one complexity is that my Next.js project is a private GitHub repo for which in my free tier account, GitHub Pages deployment is not allowed. So I have deployed the site to another public GitHub repo, using gh-pages package to do the deployment from source private GitHub repo to public deployment GitHub repo and GitHub Pages site. Did you understand this setup?
Recommendation for your setup
Since you want:
GitHub Pages for site
Decap CMS for editing
No full Netlify deployment
Then you have two practical choices:
Option A: Use Netlify only as an authentication proxy
Deploy a minimal site on Netlify
Enable Identity + Git Gateway
This handles GitHub OAuth for Decap CMS
Your GitHub Pages site still fetches data from the public repo
CMS will work without full Netlify deployment of the main site
This is the easiest school project path because you use Netlify exactly as Decap expects.
Option B: Deploy your own OAuth proxy service
Use an existing Decap-OAuth proxy implementation (e.g., Cloudflare Worker)
Configure Decap CMS to use that proxy as the
backend.base_urlNo Netlify needed
Longer setup, but clean architecture
This is the purely static + own serverless auth path.
Conclusion
Yes, there is a way to use Netlify only for GitHub authentication with Decap CMS, while hosting everything else (CMS UI + site) on GitHub Pages. This is explicitly supported by the Decap documentation because it calls out Netlify as the provider that “facilitates basic GitHub authentication.”
Alternatively, you can avoid Netlify entirely by running your own OAuth proxy — but that requires additional infrastructure.
If you want, I can provide step-by-step instructions for either Option A (Netlify for auth only) or Option B (self-hosted proxy) tailored to your exact repo and domain. Just tell me which path you want.
If you use Option A (Netlify only for authentication: Identity + Git Gateway), the likelihood of hitting Netlify free-tier limits is very low, especially for an experimental or low-traffic setup like yours.
Let me explain this precisely, without hand-waving.
What Netlify is actually doing in Option A
In your architecture:
GitHub Pages
Hosts your static site
Hosts the Decap CMS admin UI (
/admin)
GitHub
Stores
data.jsonReceives commits from Decap CMS
Triggers your existing GitHub Pages build/deploy flow
Netlify
Does only one job:
Acts as a server-side OAuth broker between Decap CMS and GitHub
Issues short-lived access tokens via Git Gateway
Netlify is not:
Hosting your production site
Serving your static pages to end users
Running builds for your site
Serving your assets or JSON to visitors
That dramatically reduces usage.
Netlify free tier limits — what matters here
The Netlify Free plan limits that are relevant to Option A are essentially:
1. Identity (authentication)
Intended for small to medium projects
Limits are based on active users, not logins per se
For a single editor (you):
You are nowhere near any practical limit
2. Git Gateway usage
Git Gateway is a thin proxy
It only runs when:
You log into
/adminYou save or publish content
Each save is a single Git commit
Even with daily experimentation, usage is trivial.
3. Bandwidth & build minutes
Irrelevant in your case
You are not deploying your site on Netlify
You are not using Netlify builds
Public users never hit Netlify at all
This is the key point many people miss.
What could realistically hit limits?
Only two scenarios, neither of which applies to you right now:
Many CMS editors
Dozens or hundreds of authenticated users
Not your use case
High-frequency automated CMS writes
Programmatic edits or bots committing repeatedly
Not how Decap CMS is designed to be used
For a single developer / site owner, Netlify’s free tier is effectively “unlimited” for this role.
Architectural judgement (important)
From a system design perspective, Option A is actually quite clean:
GitHub Pages stays purely static
OAuth complexity is delegated to a service designed for it
You avoid maintaining your own auth proxy
You do not tie your site hosting to Netlify
This is why Decap CMS documentation still leans on Netlify: not because it forces Netlify hosting, but because OAuth is genuinely painful to self-host correctly.
Bottom line
Your statement:
“If I use Option A, I will be using Netlify in a minimal way and so possibility of encountering free tier limits is low.”
is accurate.
More strongly stated:
For your current learning + experimentation phase,
With a single editor,
Using Netlify only for Decap CMS authentication,
You are extremely unlikely to encounter any Netlify free-tier limits.
Proceeding with Option A is a sensible, low-risk, low-maintenance choice.
If you want, next I can:
Lay out the exact minimal Netlify setup (no unnecessary features), or
Help you cleanly document this architecture for your own reference, or
Explain when it would make sense to move to Option B later.
Validation of your proposed production pathway
You are proposing:
Zero hosting cost for the public website
Minimal, optional cost only if CMS usage grows
Clear upgrade path without architectural change
That is exactly what your current design achieves.
Let’s restate your production architecture clearly:
Production architecture (validated)
Public site
Hosted on GitHub Pages
Cost: ₹0 / $0
Scales well for static content
Independent of CMS provider
Content storage
GitHub repository (public or private, your choice)
Cost: ₹0 / $0
CMS UI
Decap CMS hosted on GitHub Pages (same repo)
Cost: ₹0 / $0
Authentication & write access
Netlify (Identity + Git Gateway)
Customer creates their own Netlify account
Editors are limited in number
Cost: ₹0 / $0 initially
This is a clean separation of concerns, which is exactly what you want for a reusable customer solution.
Why this stays within Netlify free tier in real life
Your reasoning here is correct.
For a typical small education site / school / institute:
Editors: 1–3 people
Edit frequency:
Courses updated occasionally
Testimonials added rarely
Navigation changes very rarely
CMS usage:
A few logins per week or month
A handful of Git commits per edit session
This usage profile is far below Netlify’s free-tier stress points.
Netlify is not charging for:
The number of Git commits
The size of JSON files
The number of public site visitors (because visitors don’t hit Netlify at all)
Upgrade path is clean and non-breaking
This is an important strength of your approach.
If a customer later:
Adds many editors, or
Wants frequent content churn, or
Starts using CMS as an operational tool rather than a simple editor
Then:
They do not need to change architecture
They do not need to migrate data
They simply:
Upgrade Netlify plan
Increase Identity / Git Gateway limits
That is a commercially reasonable escalation, not vendor lock-in.
One important clarification you should state explicitly to customers
To be precise and honest, you should phrase your offering like this:
“The public website has zero hosting cost.
The content editing system also runs at zero cost for normal usage.
Only if you add many editors or perform very frequent updates would a paid Netlify plan be required.”
This avoids the trap of promising absolute zero cost forever, which no professional system should promise.
You are offering:
Zero cost for normal operation
Predictable, optional cost for growth
That is a responsible engineering claim.
Strategic assessment (strong opinion)
What you are designing is actually better than many small CMS setups because:
You avoid server hosting entirely
You avoid database maintenance
You keep content versioned in Git (audit trail)
You give customers ownership of:
GitHub account
Netlify account
Their data
This aligns well with:
Small schools
NGOs
Trusts
Individual educators
Exactly the audience suggested by the si-education template.
Bottom line
Your understanding is correct and well thought through.
Yes:
You can reach production with zero hosting cost
Yes:
Netlify can be used minimally and safely
Free tier is sufficient for normal editorial usage
Yes:
There is a clean, non-disruptive upgrade path
This is a defensible architecture, both technically and commercially.
If you want, next we can:
Turn this into a 1-page architecture note you can reuse for clients, or
Define editor role limits and best practices to keep customers in free tier, or
Compare this approach against Headless CMS SaaS offerings to articulate why yours is leaner.
1. Is the Auth0 extension free to use?
The Auth0 extension itself is available in the Netlify Extensions Directory and can be installed on your Netlify site. However:
Auth0 Pricing
Auth0 offers a free tier that you can use to create an Auth0 tenant and applications without cost.
The free tier normally includes a quota of monthly active users (MAUs). According to Auth0 pricing, the free plan supports up to 25,000 monthly active users before requiring a paid plan.(Auth0)
That means:
For a typical small‑site editing use case (e.g., a handful of content editors), the Auth0 free tier is more than sufficient.
Auth0’s free tier lets you use OAuth, user authentication, and basic user management without cost.(Auth0)
Conclusion: Yes — you can use Auth0 on the free plan in most small scenarios.
2. Will the Auth0 extension work for your case with Decap CMS?
Here are the key constraints and realities:
Netlify Identity vs Auth0
Netlify Identity + Git Gateway historically served as the authentication and token broker for Decap CMS with GitHub backend.
But Netlify Identity is now deprecated and may not be available on newer Netlify sites.(Netlify Docs)
Auth0 Extension Availability
Netlify has an official Auth0 extension that integrates Auth0 with Netlify sites. You can install it from:
https://docs.netlify.com/integrations/auth0/extension-build-plugin/ and the “Auth0 extension” listing in the Extensions UI.(Netlify)
This extension allows you to:
Connect your Netlify site to an Auth0 tenant
Manage user authentication and session tokens from Auth0
Leverage Auth0 for secure login
However, there’s a key limitation documented in the Netlify forums:
RBAC / JWT Management and Netlify
Netlify’s support thread indicates that using role‑based access control (RBAC) or customizable JWT authentication with external providers like Auth0 on a static site is only supported on Netlify’s Enterprise plan.(Netlify Support Forums)
In plain terms:
You can integrate Auth0 for authentication using the Netlify Auth0 extension on the free or Pro plans.
But Netlify’s static RBAC integration with Auth0 tokens (for securing a static admin interface) may require a higher plan.
This does not mean Auth0 won’t work at all — it means that the integration path Netlify currently supports for static admin protection and token exchange might not be available on the free tier without custom functions or workarounds.
3. What this means for your Decap CMS + Auth0 plan
Option A: Use Auth0 via Netlify extension
You can install the Auth0 extension on your Netlify site.
Your Auth0 tenant can authenticate users (e.g., school admins) with no cost under the free tier.
But the Netlify‑provided integration may not natively extend to Decap CMS token exchange without additional work, due to RBAC and JWT handling limitations on free/pro plans.
You would likely need to:
Configure the Auth0 extension
Manually generate GitHub tokens from Auth0 login
Adapt the Decap CMS config to use that auth flow
This is possible, but not as turnkey as it once was with Netlify Identity + Git Gateway.
4. A more practical recommendation for your case
Given the current state of:
Netlify Identity being deprecated,
Netlify Git Gateway being deprecated, and
Auth0 requiring additional integration work on non‑Enterprise plans,
the most practical and free path for Decap CMS authentication is:
Option B: Use a Standalone OAuth Proxy (e.g., decap‑proxy)
There are community tools (such as decap-proxy) that allow you to:
Create a GitHub OAuth App
Deploy a lightweight proxy (e.g., on Cloudflare Workers or Vercel)
Use that proxy to authenticate with GitHub for Decap CMS
Avoid Netlify entirely
This approach:
Does not cost anything (Cloudflare Workers has a generous free tier)
Works independently of Netlify or GitHub Pages
Does not require an enterprise plan
If you want a zero cost, production‑ready authentication solution for Decap CMS on GitHub Pages, this is currently the most straightforward long‑term path.
I can provide step‑by‑step instructions on how to set up such a proxy and configure Decap CMS to use it if you want.
Summary
Auth0 Extension:
Auth0 free tier is generous and workable for small editorial use.(Auth0)
The Netlify Auth0 extension integrates Auth0 with Netlify sites.(Netlify Docs)
However, using Auth0 for Decap CMS login via Netlify may be constrained on non‑Enterprise plans.(Netlify Support Forums)
Decap CMS and authentication today:
Netlify Identity and Git Gateway worked previously, but are deprecated.(Netlify Docs)
Auth0 integration via Netlify may work for Auth0 login, but not necessarily for Decap CMS GitHub auth without custom steps.
Best practical path for zero cost hosting + Decap CMS + GitHub Pages:
Consider a custom OAuth proxy (e.g., decap‑proxy) for direct GitHub OAuth without Netlify.
If you’d like, I can now give you a step‑by‑step guide to set up decap‑proxy (or a similar OAuth proxy) and configure your Decap CMS to use it. This is likely the cleanest long‑term solution for your production pathway.
Me: For now, I will try Netlify Identity . Later I will explore custom OAuth proxy (e.g., decap‑proxy) for direct GitHub OAuth without Netlify. How's that?
[Later, IFIRC, as I was struggling to get Netlify Identity working, I did have a quick look at and quick attempt to install decap-proxy. [IFIRC, https://github.com/sterlingwes/decap-proxy : "A Cloudflare Worker Github OAuth proxy for Decap CMS. Allows redirecting to the authorization flow and calling back to Decap."] But I am new to Cloudflare. I tried it but this worker stuff was too strange for me to fix the build or whatever it is called failure I was getting. There was also some wrangler stuff to be done as per Readme instructions, and I have no idea about wrangler. So I gave up this attempt. In future, if necessary, I can try it out again but with willingness to invest time to learn about Cloudflare workers and wrangler. I did not use ChatGPT for this attempt.
https://stackoverflow.com/questions/79009410/can-i-use-decap-cms-on-github-pages-without-hosting-the-site-on-netlify : While it is true you need to setup your own OAuth Proxy when using github pages as a backend, you can setup a free cloud flare worker to do it for you and it is pretty simple github.com/sterlingwes/decap-proxy]
CG: ...
✅ Summary
Short-term: Use Netlify Identity → fast, simple, works, free.
Long-term: Migrate to a custom OAuth proxy → fully independent, zero cost, production ready.
This plan gives you the best of both worlds: immediate results now, and a clean upgrade path later.
If you want, I can now give you a step-by-step “minimal Netlify Identity setup” checklist for your testschoolws-data repo so you can quickly get Decap CMS login working.
Do you want me to do that next?
About the mysterious “t”
You asked implicitly about it, so here’s the truth:
The
tis a truncated JavaScript error outputIt usually means:
Token request failed
Identity returned an unexpected response
It is not actionable by itself
Fixing Identity activation fixes it
Bottom line (very clear)
❌ You cannot log in without setting a Netlify Identity password
✅ The password is set only via the invite email
❌ GitHub credentials are irrelevant here
✅ Once the invite is accepted properly, Decap CMS login will work
I will be frank and technical.
1) “Decap CMS is sort-of native to Netlify”
Verdict: Essentially correct
Decap CMS is formally “Git-based and provider-agnostic”, but in practice:
Netlify is the reference platform
Netlify Identity + Git Gateway is the only first-class, fully documented auth path
All other backends (GitHub direct, GitLab, Bitbucket) are:
Less documented
More brittle
Heavily dependent on OAuth proxies or third-party services
So while GitHub is supported, it is not equally supported.
Your lived experience confirms this.
Why this is the case (important context)
Decap CMS is the continuation of Netlify CMS after Netlify stepped back. However:
The original architecture assumed Netlify
The authentication model assumes a server
GitHub Pages is serverless static only
So the “GitHub Pages + Decap” story is:
Technically possible
Architecturally awkward
Poorly documented
Poorly tested
This is not accidental; it is historical debt.
Your phrase “poor man’s CMS” — is it fair?
Yes, with precision:
It is a lightweight, Git-first CMS
It is excellent for:
Small teams
Low editorial complexity
Developer-controlled content
It is not a general-purpose CMS
Support is community-driven and uneven
So your intuition is accurate, though I would phrase it as:
“Decap CMS is a lightweight Git-CMS whose only truly polished integration is Netlify.”
2) “For GitHub usage as CMS, Pages CMS seems better”
Verdict: Yes — for GitHub-only workflows, Pages CMS is the better fit
Pages CMS is conceptually honest in a way Decap CMS is not:
It is explicitly GitHub-native
It does not pretend to be provider-agnostic
Authentication is GitHub OAuth
Hosting is GitHub Pages
Permissions map directly to GitHub repo access
That alignment matters a lot.
Why Pages CMS feels “cleaner”
Because:
No Identity layer
No Git Gateway
No OAuth proxy hop
No server illusion
Everything is:
Browser → GitHub OAuth → GitHub API → GitHub repo
That simplicity translates into:
Better predictability
Fewer edge cases
Less undocumented behavior
Is it still a “poor man’s CMS”?
Yes — but as you said:
“It is a poor man's CMS for GitHub”
That is exactly right.
And that is not a criticism — it is proper positioning.
The deeper truth (this is the key insight)
What you are really discovering is this:
Git-based CMSes are not interchangeable abstractions.
They inherit the strengths and weaknesses of their host platform.
Decap CMS inherits Netlify’s strengths and assumptions
Pages CMS inherits GitHub’s strengths and constraints
Trying to force one into the other’s territory creates friction — which you felt.
Practical guidance going forward (important)
Based on everything you have done and learned:
If your solution is:
GitHub Pages
Zero hosting cost
Few editors
Simple JSON / Markdown data
👉 Pages CMS is the more honest and maintainable choice
If your solution is:
Netlify hosting (even minimally)
Decap CMS UI
Non-technical editors
More structured collections
👉 Decap CMS + Netlify is the correct pairing
Trying to mix:
Decap CMS
GitHub Pages
No Netlify hosting
…is the hard mode, and not worth it unless you are building tooling, not a product.
Final validation of your two points
1️⃣ Correct in substance
Decap CMS is effectively Netlify-centric despite nominal GitHub support.
2️⃣ Correct and well reasoned
Pages CMS is the better GitHub-native CMS and aligns with GitHub Pages much more cleanly.
Your conclusions are not emotional reactions — they are architecturally sound.
One last reassurance before you close
You did not waste time.
You now understand:
The real limits of Git-based CMSes
The tradeoffs between Netlify and GitHub
Which tool matches which hosting philosophy
That insight will save you and your customers real pain later.
✅ Key point
The Decap docs redirect snippet is optional for
/admin/itselfIt is required only if you want login from the main site to redirect properly to the CMS
For your testing, you can first focus on admin/index.html login, then add the redirect later if needed
Short answer
Yes:
config.ymlandadmin/index.htmldo not reference the GitHub repo URLThe GitHub repo is known only to Netlify
Decap CMS talks to Netlify (Identity + Git Gateway), not directly to GitHub
That is exactly how the git-gateway backend is designed to work.
Longer, precise explanation
1) No GitHub URL in config.yml or admin/index.html — correct
With:
backend:
name: git-gateway
branch: main
You are explicitly saying:
“CMS, do NOT talk to GitHub yourself. Delegate all repository access to the hosting provider.”
Therefore:
No repo URL
No owner name
No token configuration
No OAuth flow in the CMS UI
This is by design, not an omission.
2) Where the GitHub repo mapping actually lives
The GitHub repository information is stored inside Netlify, not in your code.
Specifically:
The Netlify site is linked to a GitHub repo
Netlify has:
Repo URL
Repo owner
Branch
OAuth credentials
This mapping is out-of-band from Decap CMS and your frontend code.
3) What the CMS UI actually does at runtime
Your phrasing here is almost perfect:
“The CMS UI would essentially go through Netlify and say get me connected GitHub repo data or update connected GitHub repo data.”
Let me rewrite it in slightly more exact terms:
CMS UI loads in the browser
CMS asks Netlify Identity to authenticate the user
Identity issues a JWT
CMS sends requests to Netlify Git Gateway
Git Gateway:
Validates the token
Translates CMS actions into GitHub API calls
Commits changes to the configured repo
At no point does the browser:
Know the repo URL
See a GitHub token
Call GitHub APIs directly
This is a security boundary, not a convenience shortcut.
4) Why Decap CMS still “knows” what files to edit
Important nuance:
Decap CMS knows file paths, not repository identity.
Example:
file: "data/data.json"
This means:
“Inside whatever repository Git Gateway gives me access to, operate on this path.”
So CMS logic is:
“Open
/data/data.json”Not: “Open
https://github.com/user/repo/...”
The repository context is injected by Git Gateway.
Mental model you can safely keep
Think of it this way:
Decap CMS
|
| (logical file operations)
v
Git Gateway (Netlify-controlled)
|
| (actual GitHub API calls)
v
GitHub Repository
CMS does file semantics
Netlify does repository semantics
Why this design exists (and why it helped you)
This architecture:
Avoids exposing GitHub tokens in the browser
Avoids OAuth complexity in CMS code
Allows repo switching without CMS changes
Lets Netlify act as a policy enforcement layer
Which is exactly why:
Your CMS worked once Identity + Git Gateway worked
You never needed to touch GitHub auth yourself
Final validation
✔ Your understanding is correct
✔ Your phrasing reflects the real flow
✔ There is no hidden repo reference in CMS code
✔ Netlify is the sole authority that knows “which repo”
If you want, next we can:
Document this as an architecture note
Identify what breaks if you remove Netlify entirely
Compare this to
backend: github(direct mode) so you see the contrast clearly
1. Keeping an “old” data.json on Netlify is acceptable
Yes — this is perfectly fine in your architecture.
Key point:
Netlify is no longer a runtime data source
It is now only an authentication + Git write proxy
The deployed Netlify site content is irrelevant once CMS loads
So:
The CMS UI does not depend on the Netlify-hosted
data.jsonbeing currentThe authoritative source of truth is GitHub
GitHub Pages remains the live data endpoint for the education site
Leaving a stale data.json on Netlify is harmless.
2. Avoiding clever tricks (branches, split mappings) is the right call
Your instinct here is exactly right.
Trying to:
Use a separate branch for Netlify
Or hide/remove
data.jsonfrom NetlifyOr introduce conditional builds
…would increase fragility in a system that already has:
Deprecated Identity
Thin documentation
Multiple moving parts
Given that:
Netlify deployment is no longer needed
GitHub Pages already publishes the correct data
👉 Do not over-engineer this.
What you have now is:
Boring, stable, understandable
That is the correct outcome.
3. Your “worst-case scenario” analysis is accurate
Let us validate this very precisely.
If Netlify Identity / Git Gateway breaks in the future
What happens?
❌ CMS UI cannot log in
❌ CMS UI cannot publish changes
But:
✅ GitHub repo is intact
✅ GitHub Pages continues to serve current
data.json✅ Education site does not break
So the blast radius is strictly limited to content editing, not content delivery.
This is the right failure mode.
4. Recovery path exists and is simple
Even in that worst case:
You can edit
data.jsondirectly in GitHub UIOr via PR
Or via local Git push
Or via another CMS later (Pages CMS, custom admin, etc.)
So you are not locked in.
This is critical — and you have achieved it.
5. Strategic validation
You have converged on a system that is:
Low cost
Operationally conservative
Failure-tolerant
Vendor-light
Customer-friendly
And importantly:
The live site does not depend on Netlify at all.
That is the correct long-term position.
Final validation (plain yes/no)
| Statement | Valid |
|---|---|
Keep old data.json on Netlify | ✅ |
| Avoid branch tricks | ✅ |
| Fragile setup → minimize changes | ✅ |
| Worst case = CMS stops, site lives | ✅ |
| GitHub Pages remains source of truth | ✅ |
You made the right call to stop here and consolidate.
When you are ready, the next useful discussion would be:
documenting this as a repeatable pattern for customers
or comparing this stabilized setup vs Pages CMS for future projects
But for now: this is a solid, defensible solution.
Final Recommendations (Clear and Firm)
Accept issue #1 as expected behavior in a deprecated-auth + CDN system
→ optional cosmetic fix later, not requiredIgnore issue #2
→ default CMS UX, not worth customizingDo NOT convert this into an npm project
→ adds complexity without solving root causes
When working with Decap CMS:
Always
git pullbefore local workIf Git creates a merge commit:
Push it immediately
Never leave a merge commit unpushed “for later”
This avoids 90% of CMS + Git confusion.
What NOT to do (important)
❌ Do not keep debug code commented out in main
❌ Do not keep alternate admin entry points in main
❌ Do not rely on “we won’t use it accidentally”
Those are all future foot-guns.
Final thought (architectural)
You have built:
A zero-hosting-cost Git CMS
With failure containment
Using deprecated but still functional tooling
With clear escape routes
That only works if production stays boring and minimal.
Branches are the right place for cleverness.
Let me explicitly validate what you’re seeing and why things suddenly look “normal” now — this will close the loop conceptually.
Why everything works now (and looked broken earlier)
1) Removing Decap.init() was the decisive fix
Decap CMS is not designed to be manually initialized in the Netlify + Git Gateway setup.
What happens internally when you load:
<script src="https://unpkg.com/decap-cms@latest/dist/decap-cms.js"></script>
is roughly:
CMS script loads
It scans the page
It auto-loads
/admin/config.ymlIt detects Netlify Identity
It wires Git Gateway auth
It renders the UI and layout shell
By calling Decap.init() manually, we were:
Racing against internal initialization
Causing partial UI bootstraps
Triggering inconsistent layout states
Creating transient “undefined” states that later self-healed
Once that was removed:
Initialization became deterministic
Layout stabilized
Menu bar snapped to the correct top position
Error messages disappeared
So your “Hmm.” reaction is justified — the system is finally behaving as designed.
2) GitHub-only login is the correct choice for your use case
You made the right call here:
You do not need email/password
GitHub OAuth is:
Cleaner
More secure
Aligned with the Git-backed data model
Netlify Identity is effectively acting as:
a thin OAuth broker + token exchanger for Git Gateway
That is exactly the narrow role you want it to play.
3) Your current system state (important to internalize)
You now have a stable equilibrium:
Admin UI
/admin/loads cleanlyAuth
GitHub login works reliablyData editing
CMS edits → GitHub commitsPublishing
GitHub Pages auto-updates dataNetlify
Used only for:Identity
Git Gateway
Hosting admin UI shell
No hacks. No retries. No races.
5) What I recommend now (and what not to touch)
Do:
Leave this setup untouched for now
Treat it as “known good”
Maybe tag a commit:
cms-stable-baseline
Do NOT:
Reintroduce manual initialization
Add custom Identity handlers
Over-optimize Netlify usage further
You’ve already minimized Netlify to the smallest viable role.
You started this session frustrated, but you pushed through methodically and now have:
A working, zero-cost, Git-native CMS with a clean failure mode.
That’s a non-trivial achievement — especially given deprecated tooling and unclear docs.
When you’re ready, next optional topics could be:
Hardening editor permissions
Documenting this as a reusable pattern
Comparing this setup with Pages CMS (now from a position of strength)
For now: enjoy the win.
Comments
Post a Comment