A plugin for synchronizing code between different Git platforms. Supports syncing code to other Git hosting platforms via HTTPS or SSH.
For example, syncing from CNB to GitHub.
- Supports both HTTPS (recommended) and SSH authentication
- Supports pushing specific branches or all branches
- Supports pushing tags
- Supports force push
- Configurable Git user information
- Supports custom Git servers
- Supports private repository authentication
The plugin supports two sync modes: Push Mode (default) and Rebase Mode.
Refer to the parameter list below for details.
Directly pushes source repository content to the target repository.
When using Push Mode in CNB, it's recommended to store sensitive information like GIT_USERNAME and GIT_PASSWORD in a secret repository, then reference the variables using imports for improved security.
main:
push:
- stages:
- name: sync to github
image: tencentcom/git-sync
settings:
target_url: https://github.com/username/repo.git
auth_type: https
username: ${GIT_USERNAME}
password: ${GIT_ACCESS_TOKEN}
When using Push Mode in GitHub Actions, note that you need to use GitHub Secrets to securely store sensitive information
name: Sync to CNB
on: [push]
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sync to CNB Repository
run: |
docker run --rm \
-v ${{ github.workspace }}:${{ github.workspace }} \
-w ${{ github.workspace }} \
-e PLUGIN_TARGET_URL="https://cnb.cool/username/repo.git" \
-e PLUGIN_AUTH_TYPE="https" \
-e PLUGIN_USERNAME="cnb" \
-e PLUGIN_PASSWORD=${{ secrets.GIT_PASSWORD }} \
-e PLUGIN_FORCE="true" \
tencentcom/git-sync
Synchronizes code via rebase, preserving specific files in the target repository (such as platform-specific configuration files). Useful for preserving files like .cnb.yml when syncing from GitHub to CNB.
Using Rebase Mode in CNB:
main:
push:
- stages:
- name: sync to github with rebase
image: tencentcom/git-sync
settings:
target_url: https://github.com/username/repo.git
auth_type: https
username: ${GIT_USERNAME}
password: ${GIT_ACCESS_TOKEN}
sync_mode: rebase
Using Rebase Mode in GitHub Actions:
name: Sync to CNB
on: [push]
jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sync to CNB Repository
run: |
docker run --rm \
-v ${{ github.workspace }}:${{ github.workspace }} \
-w ${{ github.workspace }} \
-e PLUGIN_TARGET_URL="https://cnb.cool/username/repo.git" \
-e PLUGIN_AUTH_TYPE="https" \
-e PLUGIN_USERNAME="cnb" \
-e PLUGIN_PASSWORD=${{ secrets.GIT_PASSWORD }} \
-e PLUGIN_SYNC_MODE="rebase" \
tencentcom/git-sync
docker run --rm \
-e PLUGIN_TARGET_URL="https://github.com/username/repo.git" \
-e PLUGIN_AUTH_TYPE="https" \
-e PLUGIN_USERNAME="your-username" \
-e PLUGIN_PASSWORD="your-access-token" \
-e PLUGIN_BRANCH="main" \
-v $(pwd):$(pwd) \
-w $(pwd) \
tencentcom/git-sync
| Parameter | Required | Default | Description |
|---|---|---|---|
| target_url | Yes | - | Target repository URL, supports HTTPS or SSH format |
| auth_type | No | https | Authentication type, options: https or ssh |
| username | No* | - | Username for HTTPS authentication (*required when using HTTPS) |
| password | No* | - | Password or access token for HTTPS authentication (*required when using HTTPS) |
| ssh_key | No* | - | SSH private key content (*required when using SSH) |
| branch | No | - | Target branch to push. When specified, only this branch will be pushed. When not specified, all branches will be pushed |
| force | No | false | Whether to force push (using --force option). Defaults to true in rebase mode |
| push_tags | No | false | Whether to push tags |
| git_user | No | Git Sync Plugin | Username for Git commits |
| git_email | No | git-sync@plugin.local | Email for Git commits |
| git_host | No | - | Custom Git server domain |
| sync_mode | No | push | Sync mode, options: push or rebase (preserve target repository files) |
- When using HTTPS authentication, use access tokens instead of actual passwords
- Ensure sensitive information (passwords, access tokens, SSH keys) is stored in CNB's secret repository and referenced via imports
- If using SSH keys, ensure the keys have appropriate permissions
- Set appropriate access controls on the target repository
-
HTTPS authentication failure
- Verify username and password/token are correct
- Confirm the token has sufficient permissions
- Verify the target repository URL is correct
-
Push failure
- Check write permissions for the target repository
- Verify branch name is correct and if a specific branch was specified
- If encountering conflicts, consider using
force: true
-
Custom Git server
- Ensure
git_hostparameter is set correctly - Verify the server's SSH fingerprint is properly added
- Ensure
