git: review the mirror procedure before converting tor-puppet (#41971) authored by anarcat
...@@ -566,35 +566,42 @@ This procedure is kept for historical purposes only. ...@@ -566,35 +566,42 @@ This procedure is kept for historical purposes only.
If a repository is, for some reason (typically security), not hosted If a repository is, for some reason (typically security), not hosted
on GitLab, it can still be mirrored there. A typical example is the on GitLab, it can still be mirrored there. A typical example is the
Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)). To mirror the repository, you Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)).
need (make sure to run this as the user which hosts the repository,
typically `git`):
1. create the repository in GitLab, possibly private itself (but The following instructions assume you are mirroring a *private
sometimes it's fine if it's public as well) repository* from a host (`alberti.torproject.org` in this case) where
users typically push in a sandbox user (`git` in this case). We also
assume you have a local clone of the repository you can operate from.
1. add the GitLab remote on the private repository: 1. Create the repository in GitLab, possibly private itself, this can
be done by adding a remote and pushing *from the local clone*:
git remote add gitlab ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
git push gitlab --mirror
1. Add the GitLab remote on the *private repository* (in this case on
`alberti`, running as `git`:
git remote add origin ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git git remote add origin ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
2. create a deploy key on the server: 2. Create a deploy key on the server (again, as `git@alberti`):
ssh-keygen -t ed25519 ssh-keygen -t ed25519
4. add the deploy key to the repository, in Settings, Repository, 4. Add the deploy key to the [GitLab repository](https://gitlab.torproject.org/tpo/tpa/account-keyring), in Settings,
Deploy keys, make sure it has write access, and name it after the Repository, Deploy keys, make sure it has write access, and name
user on the mirrored host (e.g. `git@alberti.torproject.org` in it after the user on the mirrored host
this case) (e.g. `git@alberti.torproject.org` in this case)
5. protect the branch, in Settings, Repository, Protected branches: 5. Protect the branch, in Settings, Repository, Protected branches:
- Allowed to merge: no one - Allowed to merge: no one
- Allowed to push and merge: no one, and add the deploy key - Allowed to push and merge: no one, and add the deploy key
6. disable merge requests (in Settings, General) or set them to be 6. Disable merge requests (in Settings, General) or set them to be
"fast-forward only" (in Settings, Merge requests) "fast-forward only" (in Settings, Merge requests)
7. on the mirrored repository, add a `post-receive` hook like: 7. On the mirrored repository, add a `post-receive` hook like:
``` ```
#!/bin/sh #!/bin/sh
... ...
......
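Review bot: In the new first step, `git push gitlab --mirror` is run from a local clone, and `--mirror` pushes every ref under `refs/` (including the clone's remote-tracking refs in `refs/remotes/`) and deletes any ref on the GitLab side that the clone does not have. For a private repository it is worth being explicit about what lands on GitLab: consider `git push gitlab --all` followed by `git push gitlab --tags`, or state that the clone must be a fresh mirror clone of the source repository. In the next step, the parenthesis opened in "(in this case on `alberti`, running as `git`:" is never closed. In the deploy key step, bare `ssh-keygen -t ed25519` leaves the output path to the interactive prompt, whose default is the user's main identity file; since this key is granted write access to the protected branch, the step could name a dedicated key file with `-f` and label it with `-C git@alberti.torproject.org`, matching the name the following step asks for in GitLab. The list numbering also still jumps from 2 to 4.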