olivr / copybara-action Goto Github PK
View Code? Open in Web Editor NEWTransform and move code between repositories. Start with ZERO config and 100% customizable.
License: Apache License 2.0
Transform and move code between repositories. Start with ZERO config and 100% customizable.
License: Apache License 2.0
In our destination repo, we want to have certain files that are only contained in it and not overwritten when pushed to. Specifically we have different github actions in the destination repo vs the SoT repo and don't want them overwritten.
I have already added pr_exludes
to the github action config and it does not seem to be working. The other solution would be to just use our completely custom copy.bara.sky
file, but that removes a lot of the magic of this code that is very nice.
add destination_files = glob(PR_INCLUDE, exclude = PR_EXCLUDE),
to the push workflow
Cannot use ecc keys
Ecc keys should work for ssh keys
Action failed.
Instead of a RSA key, set a ecc ssh key.
Rename the ssh key extension.
set-output
will be deprecated. In order to fix this problem, @actions/core needs to be updated actions/toolkit#1218
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Hi! Thanks for working on this project.
Recently there's a critical bugfix in Copybara upstream and it'd be great if olivr/copybara
image picks it up. It seems the image building action has been paused due to lack of activity.
https://github.com/Olivr/copybara-action/actions/workflows/copybara-docker.yml
Could you manually roll out a new docker build?
Thanks in advance!
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
When provided an access_token, use it for all git operations in additions to github operations. This way a single PAT manages all operations related to copybara. This feature is somewhat described here utilizing github credentials google/copybara#101
I want to copy files from one private repo to another private repo. A github PAT is created with access to both repos, but I do not have a ssh private key for either repo.
action would configure git credentials with the PAT. Copybara would then perform operations utilizing the github pat in the credentials helper.
GitHub changes their SSH RSA host key - https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
The old host key is hard coded here -
copybara-action/src/hostConfig.ts
Line 12 in 784cc18
This action now fails because it cannot connect via SSH
Please make sure you have the correct access rights
and the repository exists.
It runs
The GitHub action fails with:
docker.io/olivr/copybara:latest
/usr/bin/docker run -v /home/runner/work/core/core:/usr/src/app -v /home/runner/.ssh/id_rsa:/root/.ssh/id_rsa -v /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts -v /home/runner/copy.bara.sky:/root/copy.bara.sky -v /home/runner/.gitconfig:/root/.gitconfig -v /home/runner/.git-credentials:/root/.git-credentials -e COPYBARA_CONFIG=/root/copy.bara.sky -e COPYBARA_WORKFLOW=push -e COPYBARA_OPTIONS olivr/copybara copybara
Mar 27, 2023 9:09:30 AM com.google.copybara.Main configureLog
INFO: Setting up LogManager
Copybara source mover (Version: Unknown version)
0327 09:09:30.825 TASK: Cleaning output directory
0327 09:09:30.838 TASK: Running migrate
0327 09:09:30.840 TASK: Loading config /root/copy.bara.sky
0327 09:09:30.991 TASK: Validating configuration
0327 09:09:30.994 TASK: Getting last revision: Resolving origin reference
0327 09:09:30.995 TASK: Git Origin: Initializing local repo
0327 09:09:33.839 TASK: Git Destination: Fetching: [email protected]:sourcery-ai/sourcery-rules.git refs/heads/main
0327 09:09:33.915 ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for github.com has changed,
and the key for the corresponding IP address 140.[82](https://github.com/sourcery-ai/core/actions/runs/4523471705/jobs/7979921608#step:3:83).112.3
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R "github.com"
RSA host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Change the githubKnownHost to the new value found here
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
Copybara stops its process with error 'Cannot find reference 'refs/copybara_fetch/main' even running the copybara-action after GitHub checkout action (actions/checkout@v3
). Tuning on the actions debug flag and download the generated copy.bara.sky file and running the same push operation locally with cloning the origin repo worked fine. The issue only happens run the copybara though the copybara-action.
Copybara runs push operation successfully
Copybara stops push operation with the error
Prerequisites:
source: our private monorepo on GitHub (default branch is main
)
target: our private sub repository GitHub (default branch is main
)
name: test
on:
pull_request:
...
push:
branches:
- main
paths:
- <our monorepo subdir to be copied to target>
jobs:
sync:
name: Sync
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: Olivr/[email protected]
with:
ssh_key: ${{ secrets.SSH_KEY }}
access_token: ${{ secrets.GH_TOKEN }}
sot_repo: <our private monorepo>
destination_repo: <our private sub-repo>
push_include: "<our monorepo subdir to be copied to target>"
pr_move: |
||<our monorepo subdir to be copied to target>
copybara_options: --force --init-history
main
and mergemain
core.workflow(
name = "push",
origin = git.github_origin(
url = "[email protected]:<sot_repo_name>.git",
ref = "main",
),
destination = git.destination(
url = "[email protected]:<target_repo_name>.git",
fetch = "main",
push = "main",
),
origin_files = glob(["<path>/**"]),
destination_files = glob(["**"]),
authoring = authoring.pass_thru("github-actions<[email protected]>"),
transformations = [
],
)
As Github is case-insensitive regarding repository names (eg: you can both poll https://github.com/Olivr/copybara-action or https://github.com/olivr/copybara-action), we can easily make a mistake regarding the current repo name (the one in the URL) and the real one (as returned by the github context).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.