git: review the mirror procedure before converting tor-puppet (#41971) authored by anarcat
......@@ -566,35 +566,42 @@ This procedure is kept for historical purposes only.
If a repository is, for some reason (typically security), not hosted
on GitLab, it can still be mirrored there. A typical example is the
Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)). To mirror the repository, you
need (make sure to run this as the user which hosts the repository,
typically `git`):
Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)).
1. create the repository in GitLab, possibly private itself (but
sometimes it's fine if it's public as well)
The following instructions assume you are mirroring a *private
repository* from a host (`alberti.torproject.org` in this case) where
users typically push in a sandbox user (`git` in this case). We also
assume you have a local clone of the repository you can operate from.
1. add the GitLab remote on the private repository:
1. Create the repository in GitLab, possibly private itself, this can
be done by adding a remote and pushing *from the local clone*:
git remote add gitlab ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
git push gitlab --mirror
1. Add the GitLab remote on the *private repository* (in this case on
`alberti`, running as `git`:
git remote add origin ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
2. create a deploy key on the server:
2. Create a deploy key on the server (again, as `git@alberti`):
ssh-keygen -t ed25519
4. add the deploy key to the repository, in Settings, Repository,
Deploy keys, make sure it has write access, and name it after the
user on the mirrored host (e.g. `git@alberti.torproject.org` in
this case)
4. Add the deploy key to the [GitLab repository](https://gitlab.torproject.org/tpo/tpa/account-keyring), in Settings,
Repository, Deploy keys, make sure it has write access, and name
it after the user on the mirrored host
(e.g. `git@alberti.torproject.org` in this case)
5. protect the branch, in Settings, Repository, Protected branches:
5. Protect the branch, in Settings, Repository, Protected branches:
- Allowed to merge: no one
- Allowed to push and merge: no one, and add the deploy key
6. disable merge requests (in Settings, General) or set them to be
6. Disable merge requests (in Settings, General) or set them to be
"fast-forward only" (in Settings, Merge requests)
7. on the mirrored repository, add a `post-receive` hook like:
7. On the mirrored repository, add a `post-receive` hook like:
```
#!/bin/sh
......
......
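Review bot: In the new first step, `git push gitlab --mirror` is run from a local clone, and `--mirror` pushes every ref under `refs/` (local-only branches and `refs/remotes/*` included) and removes refs on the remote that the clone does not have. For a repository that is kept off GitLab for security reasons, that can publish work-in-progress branches or seed the mirror from a stale clone. Consider pushing only the intended branches and tags, or doing the first push from the canonical repository on `alberti` once the deploy key is in place. The two steps also use different remote names (`gitlab` in the local clone, `origin` on `alberti`), so a sentence saying which remote the `post-receive` hook pushes to would avoid confusion. The `ssh-keygen -t ed25519` step could state where the key is written and that it is the public half that goes into Deploy keys. Minor: the line "(in this case on `alberti`, running as `git`:" never closes its parenthesis, and the list source now has two items numbered 1 and no item 3.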