How would I allow all commits on a git repo (not Github) to be synced with an external Github repo, by default or setup when the site is provisioned? Something other than each user mirroring the remote? The client needs a mirror of the primary repo for security scans, and doesn't want developers to have access to it. There are webhooks that could be triggered on any commit to the repo, and run such a sync-script.

CodePudding user response：

There are webhooks that could be triggered on any commit to the repo, and run such a sync-script.

Actually, since the repository is hosted on GitHub, it could set up a GitHub Action dedicated workflow for this mirroring.

For instance, actions/mirroring-repository

A GitHub Action for mirroring a repository to another repository on GitHub, GitLab, BitBucket, AWS CodeCommit, etc.

This will copy all commits, branches and tags.

name: Mirroring

on: [push, delete]

jobs:
  to_gitlab:
    runs-on: ubuntu-latest
    steps:                                              # <-- must use actions/checkout before mirroring!
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: pixta-dev/repository-mirroring-action@v1
        with:
          target_repo_url:
            [email protected]:<username>/<target_repository_name>.git
          ssh_private_key:                              # <-- use 'secrets' to pass credential information.
            ${{ secrets.GITLAB_SSH_PRIVATE_KEY }}

If the source repository is not on GitHub, you can still initiate a mirroring, but this time not on every push.
You might set up an action run on a scheduled, which would, every 10 minutes for instance, do a git pull, assuming your external repository :

• can be accessed from internet
• can generate a read-access token, to be installed in your cron workflow as a secret