I'm not really following you. in this scenario, the source of the truth, is the repo, not necessarily the repo on GitHub. GitHub is just hosting the repo. in your attack situation, since it's trivial to see it was changed, you would just push over the verifiably correct repo and switch hosting providers.

Who would switch?

I could also fork the blockchain, now you have two blockchains. It's the same thing.

Do you understand how a blockchain is secured? If it was the same thing then it would be the same thing, but it is clearly not.

Secure or not you still have two blockchains and people have to decide which one they prefer. Do you understand there have been bitcoin and ethereum forks where exactly that has happened?