Draft: yolo github mirroring
marked this merge request as draft from klausenbusk/infrastructure@fcd621f2
Indeed. I was already considering if we could use DynamicUser=. Let me take a stab at it.

@anthraxx how does this look? Ignore the very bad code quality, but I hope the concept is understandable.
Basically a dedicated user and group (github-mirror), /srv/gitlab/data/git-data/repositories/ read-only bind mounted into /var/lib/github-mirror/repositories/ with idmapping (so the github-mirror user can read the files).
- roles/gitlab/files/github-mirror.sh 0 → 100644
6 export GIT_SSH_COMMAND="ssh -i /root/.ssh/id_github_ed25519" 7 declare -A REPOS 8 source /etc/github-mirror 9 10 if [[ -w ${gitlab_data_dir} ]]; then 11 echo "ERROR: GitLab data directory is writable." 12 echo "Please use systemd-run -p ProtectSystem=strict -p StateDirectory=github-mirror --pty --same-dir --wait --collect for testing purposes." 13 exit 1 14 fi 15 16 for repo in "${!REPOS[@]}"; do 17 export GIT_DIR="${STATE_DIRECTORY}/repositories/${REPOS[${repo}]}" 18 hash="$(git show-ref | sha256sum | awk '{print $1}')" 19 state_file="${STATE_DIRECTORY}/${repo//\//_}" 20 if [[ ! -f $state_file ]] || ! cmp -s "${state_file}" <(echo "${hash}"); then 21 git push --dry-run --prune "git@github.com:${repo}.git" +refs/tags/*:refs/tags/* +refs/heads/*:refs/heads/* - roles/gitlab/files/github-mirror.sh 0 → 100644
3 export GIT_CONFIG_COUNT=1 4 export GIT_CONFIG_KEY_0=safe.directory 5 export GIT_CONFIG_VALUE_0="*" 6 export GIT_SSH_COMMAND="ssh -i /root/.ssh/id_github_ed25519" 7 declare -A REPOS 8 source /etc/github-mirror 9 10 if [[ -w ${gitlab_data_dir} ]]; then 11 echo "ERROR: GitLab data directory is writable." 12 echo "Please use systemd-run -p ProtectSystem=strict -p StateDirectory=github-mirror --pty --same-dir --wait --collect for testing purposes." 13 exit 1 14 fi 15 16 for repo in "${!REPOS[@]}"; do 17 export GIT_DIR="${STATE_DIRECTORY}/repositories/${REPOS[${repo}]}" 18 hash="$(git show-ref | sha256sum | awk '{print $1}')" - roles/gitlab/files/github-mirror.sh 0 → 100644
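Review bot: In the excerpt covering lines 6 to 21, the change detection on line 18 (`git show-ref | sha256sum | awk ...`) takes its exit status from the last command of the pipeline, so unless pipefail is enabled in the lines not shown, a `git show-ref` that fails or prints nothing (wrong GIT_DIR, unreadable bind mount, empty repository) still produces a hash. That hash differs from the state file, and line 21 then runs `git push --prune` with forced `+refs/tags/*` and `+refs/heads/*` refspecs; once `--dry-run` is dropped, a source that resolves to no refs would prune the refs on the GitHub side. Suggest capturing the `git show-ref` output in a variable first, skipping the repository with an error when the command fails or the output is empty, and hashing the captured text only after that check.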
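Review bot: In the excerpt covering lines 3 to 18, lines 3 to 5 set safe.directory to "*" through GIT_CONFIG_*, which switches off git's repository ownership check for every path this process opens, not only the id-mapped mirror. Suggest setting `GIT_CONFIG_VALUE_0` inside the loop to the repository being pushed (`"${GIT_DIR}"`), or dropping it if the idmapped mount already makes the files appear owned by the service user. On line 6, `/root/.ssh/id_github_ed25519` is normally not readable by a non-root account, so it will not work once the script runs as the dedicated github-mirror user described in the thread; handing the key to the unit (for example with systemd's LoadCredential=) and adding `-o IdentitiesOnly=yes` keeps the deploy key out of /root and stops ssh from offering other identities. On line 10, `[[ -w ${gitlab_data_dir} ]]` evaluates to false when the variable is unset or empty, so the writability guard passes silently if /etc/github-mirror does not define it; fail early when it is empty.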
While researching #626 (closed) I thought "perhaps we can solve this the same way" with a ruby script.
Fooling around in the rails console, this may be doable.
Some "notes":
irb(main):028:0> p = Project.find_by_full_path("archlinux/infrastructure")
=> #<Project id:7 archlinux/infrastructure>>
irb(main):029:0> r = p.remote_mirrors[0]
=> #<RemoteMirror:0x00007733ff9e5688 ...
irb(main):046:0> p.remote_mirrors.create()
=> #<RemoteMirror:0x00007733f841dce8 id: nil, project_id: 7, url: nil, enabled: false, update_status: "none", last_update_at: nil, last_successful_update_at: nil, last_update_started_at: nil, last_error: nil, only_protected_branches: false, remote_name: nil, encrypted_credentials: nil, encrypted_credentials_iv: nil, encrypted_credentials_salt: nil, created_at: nil, updated_at: nil, error_notification_sent: nil, keep_divergent_refs: nil, mirror_branch_regex: nil, credentials: nil>
This would of course not fix the issue, that gitlab is not deleting deleted branches on the mirror.
Something is working:
irb(main):008:0> r = p.remote_mirrors.create(enabled: true, url: "ssh://github.com/archlinux2/infrastructure.git", auth_method: "ssh_public_key")
=> #<RemoteMirror:0x00007f29ab96f088 ...
irb(main):009:0> r.ssh_public_key
=> "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0iyBF8/bOepc4knhjbjzo7Nin/bx5FPhFyTyY4HAFX5Tx2F3IGy/9+4TD6T4Mv0bjWT1YjXbpdTAqD0+xj56oFHMlVLGF27znkoc6/1Fa5cjoPx1haqgHpaZpVGXZytoe3rSMMZy0OeKuFYckZWDo5AbxjjgyR5U+rd5jqI3iZLdTCWY+6MFOTZIIZwevrofKK72baGq5/9QjBsJ/OfSscw5Ha7rAtc5ZyCheTkef2N9hdBYzq6ha3RFQ9B+QlUVIRRQHyoEz8TUt3/p+FF03GHRkF4Wffp2SFKAQxxqFZlSikCXA8c0BhodEktOt4UfrpYvLeUGslaYNZxrNCjrc+LtxJuQCTmr0EkTAkqZmxLdA47gYDmsM9i5+V4Tm6Rt9JRbxTcKzcF83I4M2pjQkA57ZT1jDWGoUEmkA1kU5/d2NzSq9Olv9fNoXaAVA7k26IfW+fFfNlQT6kNhtFFCxscBMOubqgqCXRHAY9XNu7MsK5xVgE8d1ihpteSKNOOiws12GM4tXk4Z2jFPndYkDM4DXVZltqvR9vq5X6/g3HLZEp1w2XHrt9CJMDRTZefqywSajSZJwij2uLBm2GIOqVswzNNQ5EKJGUWE/8AbgDF0gTGZwurQOswY5XEaNRTsqa+dgAHUsTK+qXyORSd8XtuFkeITKEBcuPKV4+sMRZw== git@gitlab.archlinux.org"
mentioned in issue #540