Mirroring to Github
In the rush to move everything to gitlab, we've accidentally left the github mirrors behind! Those repos were being mirrored by a post-receive hook in gitolite, and they're not being updated anymore. While planning on moving lego to gitlab (lego!47 (merged)), we discussed using gitlab to mirror these repositories, and realized the issue needed its own ticket.
Each gitlab repo has a setting under settings/repository
for mirroring the repository. There are options for the mirror URL (which accepts basic auth username in the URL), mirror direction (push, pull, bi-directional), authentication method (password/token or ssh), keep divergent refs, and mirror only protected branches.
We should decide on the mirror direction, auth method, and the check boxes for keep divergent refs & mirror only protected branches. Here are my thoughts on those:
- Mirror direction
- We have two choices here. We can make github a read-only mirror and have someone manually merge all github PRs into the canonical source (like gus was doing before), or we can make it bi-directional. I saw the docs mention that bi-directional can cause conflicts, but github PRs are infrequent enough that I don't see it being an issue, and fixing occasional conflicts still seems like less work than manually merging everything.
- auth method
- We can authenticate to github with the account password (that seems problematic), an access token with minimal scope, or an ssh pubkey (gitlab generates an ssh key and gives us the pubkey). I personally feel that the ssh method is best from a security perspective. Either way, we'll have to coordinate with whoever manages the github account to enable the auth method for each repository.
- keep divergent refs
- If the mirror ever diverges from gitlab for some reason, this setting controls if gitlab force overwrites the mirror. I think our choice for this mostly depends on the mirror direction
- mirror only protected branches
- What it does is in the name. My personal thoughts are that this should be enabled, and we shouldn't be mirroring feature-branches or branches made for small bugs/hotfixes