scripts/push-repo-mirrors.bash


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

#!/bin/bash

# This script pushes the repository mirrors to their respective remote URLs if they are defined in the .gitinfo file.

LOCK_FILE=/var/lock/push-repo-mirrors.lock

exec 9>"$LOCK_FILE"
if ! flock --nonblock 9; then
  echo "Another instance is already running. Exiting."
  exit 1
fi

for repository in /repositories/*; do
  echo "Processing repository: $(basename "$repository")"

  cd /repositories/$(basename "$repository")

  gitinfoExists=$(git ls-tree HEAD -- .gitinfo 2>/dev/null)

  echo "gitinfoExists: $gitinfoExists"

  # does gitinfo exist?
  if [ -z "$gitinfoExists" ]; then
    echo "No .gitinfo found for $(basename "$repository"). Skipping."
    continue
  fi

  gitinfoContents=$(git cat-file -p @:.gitinfo)

  echo "gitinfoContents: $gitinfoContents"

  # extract mirrors from gitinfo (json format)
  mirrors=$(echo "$gitinfoContents" | jq -r '.mirrors[]')

  echo "Extracted mirrors: $mirrors"

  # push to each mirror
  while IFS= read -r mirror; do
    [ -z "$mirror" ] && continue
    case "$mirror" in
      *github.com*)
        # do we have a /run/secrets/github_token defined?
        if [ ! -f /run/secrets/github_token ]; then
          echo "/run/secrets/github_token not found. Skipping push to $mirror."
          continue
        fi

        GITHUB_TOKEN=$(cat /run/secrets/github_token)

        mirror_host="${mirror#https://}"

        # Update the GitHub repo's default branch to match the local HEAD before mirroring,
        # so that --mirror can delete any branch that was previously the default.
        local_default=$(git symbolic-ref --short HEAD 2>/dev/null)
        github_repo="${mirror#https://github.com/}"
        if [ -n "$local_default" ]; then
          echo "Setting GitHub default branch to '$local_default' for $github_repo"
          if ! curl -sf -X PATCH \
            -H "Authorization: Bearer $GITHUB_TOKEN" \
            -H "Accept: application/vnd.github+json" \
            -d "{\"default_branch\":\"$local_default\"}" \
            "https://api.github.com/repos/$github_repo" > /dev/null; then
            echo "Error: failed to update default branch on GitHub for $github_repo. Skipping push."
            continue
          fi
        fi

        echo "Pushing to GitHub mirror: $mirror"
        git push --mirror "https://x-access-token:$GITHUB_TOKEN@$mirror_host" 2>&1 | sed "s/$GITHUB_TOKEN/[REDACTED]/g" || echo "Failed to push to $mirror"
        ;;
      *)
        echo "Unknown mirror type: $mirror. Skipping."
        ;;
    esac
  done <<< "$mirrors"
done