A plugin for synchronizing code between different Git platforms. Supports code synchronization to other Git hosting platforms via HTTPS or SSH.
For example, syncing from CNB to GitHub.
- Supports both HTTPS (recommended) and SSH authentication methods
- Supports pushing specific branches or all branches
- Supports pushing tags
- Supports force push
- Configurable Git user information
- Supports custom Git servers
- Supports private repository authentication
The plugin supports two sync modes: Push mode (default) and Rebase mode.
Please refer to the parameter list below for specific parameters.
When using push mode in GitHub Actions, you need to use GitHub Secrets to securely store sensitive information. If branches created by dependabot also need to be synced, please also configure Dependabot Secrets.
# .github/workflows/sync-cnb.yml
name: Sync to CNB
on: [push]
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sync to CNB Repository
uses: docker://tencentcom/git-sync
env:
PLUGIN_TARGET_URL: "https://cnb.cool/username/repo.git"
PLUGIN_AUTH_TYPE: "https"
PLUGIN_USERNAME: "cnb"
PLUGIN_PASSWORD: ${{ secrets.GIT_PASSWORD }}
PLUGIN_FORCE: "true"
Using rebase mode in GitHub Actions:
# .github/workflows/sync-cnb.yml
name: Sync to CNB
on: [push]
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sync to CNB Repository
uses: docker://tencentcom/git-sync
env:
PLUGIN_TARGET_URL: "https://cnb.cool/username/repo.git"
PLUGIN_AUTH_TYPE: "https"
PLUGIN_USERNAME: "cnb"
PLUGIN_PASSWORD: ${{ secrets.GIT_PASSWORD }}
PLUGIN_SYNC_MODE: "rebase"
Configure a pipeline in CNB to periodically pull from GitHub repository:
# .cnb.yml
main:
"crontab: 0 1 * * *": # Execute at 1:00 AM daily
- name: sync from github
stages:
- name: sync from github
image: tencentcom/git-sync
settings:
target_url: https://github.com/username/repo.git
auth_type: https
username: ${GIT_USERNAME}
password: ${GIT_ACCESS_TOKEN}
sync_mode: pull
When using push mode in CNB, it is recommended to store sensitive information like GIT_USERNAME, GIT_PASSWORD in the key repository, then use imports to reference variables for enhanced security.
# .cnb.yml
main:
push:
- stages:
- name: sync to github
image: tencentcom/git-sync
settings:
target_url: https://github.com/username/repo.git
auth_type: https
username: ${GIT_USERNAME}
password: ${GIT_ACCESS_TOKEN}
Synchronizes code using rebase method, preserving specific files in the target repository (such as platform-specific configuration files). Suitable for scenarios like keeping .cnb.yml when syncing from GitHub to CNB.
Using rebase mode in CNB:
# .cnb.yml
main:
push:
- stages:
- name: sync to github with rebase
image: tencentcom/git-sync
settings:
target_url: https://github.com/username/repo.git
auth_type: https
username: ${GIT_USERNAME}
password: ${GIT_ACCESS_TOKEN}
sync_mode: rebase
Configure a pipeline in GitHub to periodically pull from CNB repository:
# .github/workflows/sync-cnb.yml
name: Sync from CNB
on:
schedule:
- cron: "0 1 * * *" # Execute at 1:00 AM daily
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sync from CNB Repository
uses: docker://tencentcom/git-sync
env:
PLUGIN_TARGET_URL: "https://cnb.cool/username/repo.git"
PLUGIN_AUTH_TYPE: "https"
PLUGIN_USERNAME: "cnb"
PLUGIN_PASSWORD: ${{ secrets.GIT_PASSWORD }}
PLUGIN_SYNC_MODE: "pull"
docker run --rm \
-e PLUGIN_TARGET_URL="https://github.com/username/repo.git" \
-e PLUGIN_AUTH_TYPE="https" \
-e PLUGIN_USERNAME="your-username" \
-e PLUGIN_PASSWORD="your-access-token" \
-e PLUGIN_BRANCH="main" \
-v $(pwd):$(pwd) \
-w $(pwd) \
tencentcom/git-sync
| Parameter | Required | Default | Description |
|---|---|---|---|
| target_url | Yes | - | Target (destination) repository URL, supports HTTPS or SSH format |
| auth_type | No | https | Authentication type for the target, options: https or ssh |
| username | No* | - | Username for target HTTPS auth (*required when using HTTPS) |
| password | No* | - | Password or access token for target HTTPS (*required when using HTTPS) |
| ssh_key | No* | - | SSH private key content for the target (*required when using SSH) |
| source_url | No | - | Source (origin) repository URL; falls back to the current working directory's origin if not set |
| source_auth_type | No | same as auth_type | Authentication type for the source, options: https or ssh |
| source_username | No | same as username | Username for source HTTPS auth |
| source_password | No | same as password | Password or access token for source HTTPS auth |
| source_ssh_key | No | same as ssh_key | SSH private key content for the source |
| branch | No | - | Target branch to push. Only pushes this branch when specified. Pushes all branches if not specified |
| force | No | false | Enable force push (--force option). Default true in rebase mode |
| push_tags | No | false | Whether to push tags |
| git_user | No | Git Sync Plugin | Username used for Git commits |
| git_email | No | git-sync@plugin.local | Email used for Git commits |
| git_host | No | - | Custom Git server domain |
| sync_mode | No | push | Sync mode, options: push, rebase (preserve target repo files) or pull |
- When using HTTPS authentication, it's recommended to use access tokens instead of actual passwords
- Ensure sensitive information (passwords, access tokens, SSH keys) is stored in CNB's key repository and imported via imports
- If using SSH keys, ensure they have appropriate permissions
- Recommended to set appropriate access control on target repositories
-
HTTPS Authentication Failure
- Check if username and password/token are correct
- Confirm if token has sufficient permissions
- Verify target repository URL is correct
-
Push Failure
- Check if you have write permissions to target repository
- Confirm branch name is correct if specific branch is specified
- Consider using
force: trueif encountering conflicts
-
Custom Git Server
- Ensure
git_hostparameter is set correctly - Check if server's SSH fingerprint is properly added
- Ensure
-
Syncing branches created by dependabot[bot] fails
