External Client Code Sync¶

This guide explains how to configure your project to automatically sync code to external client repositories while protecting internal configurations.

Overview¶

Features

The external sync capability provides:

Automatic code sync to external repositories (e.g., client's GitHub)
Internal pipeline configuration exclusion
Manual trigger controls
Support for main branch and tag syncs

Setup Instructions¶

1. Update Pipeline Configuration¶

Add the sync template to your project's .gitlab-ci.yml:

YAML
include:
  # Main pipeline (required)
  - project: 'stratpoint/engineering-standards'
    ref: main
    file: 'pipelines/ci/gitlab/.gitlab-ci.yml'

  # External sync capability (optional)
  - project: 'stratpoint/engineering-standards'
    ref: main
    file: 'pipelines/ci/gitlab/templates/sync/code-sync.yml'

2. Configure CI/CD Variables¶

Set these variables in your GitLab project's CI/CD settings (Settings > CI/CD > Variables):

Variable	Description	Example
`EXTERNAL_REPO_URL`	URL of the external repository	`https://github.com/client/repo.git`
`EXTERNAL_REPO_BRANCH`	Target branch in external repository	`main`
`EXTERNAL_TOKEN`	Access token for external repository	GitHub Personal Access Token
`GIT_AUTHOR_NAME`	Name to use for sync commits (optional)	`Client Team`
`GIT_AUTHOR_EMAIL`	Email to use for sync commits (optional)	`team@client.com`

Git Author Configuration

If GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL are not set, commits will use your GitLab user details
Set these variables when commits need to appear from a client-specific identity
Useful when syncing to client repositories where commit attribution is important

Access Token Setup¶

GitHub Token Setup

Go to GitHub Settings > Developer settings > Personal access tokens
Create a token with repo scope
Copy the token value
Add it as EXTERNAL_TOKEN in GitLab CI/CD variables

Bitbucket Token Setup

Go to Bitbucket Settings > Access tokens
Create a token with repository write access
Copy the token value
Add it as EXTERNAL_TOKEN in GitLab CI/CD variables

3. Using the Sync Pipeline¶

Once configured, you'll see two new manual jobs in your pipeline:

Available Jobs

sync:external:main
1. Appears when changes are made to main branch
2. Manually trigger to sync main branch changes
3. Use for regular updates
sync:external:tag
1. Appears when a new tag is created
2. Manually trigger to sync tagged releases
3. Use for version releases

How It Works¶

Sync Process¶

Process Steps

Pipeline creates a clean git repository
Adds all project files
Explicitly excludes .gitlab-ci.yml
Creates a commit with [skip ci] tag
Force pushes to external repository

File Exclusion¶

Excluded Files

The following files are automatically excluded from sync:

.gitlab-ci.yml (Internal pipeline configuration)
Any other files that should remain internal

Best Practices¶

Sync Timing

Sync after successful deployment
Sync tagged releases for versioning
Use manual triggers to control timing

Branch Management

Keep external branch names consistent
Use main/master based on client preference
Consider branch protection rules

Security

Use dedicated service accounts for tokens
Regularly rotate access tokens
Monitor sync job logs

Troubleshooting¶

Common Issues¶

Authentication Failures

Verify token has correct permissions
Check token hasn't expired
Ensure token is properly set in CI/CD variables

Sync Conflicts

Check external repository isn't modified directly
Verify branch names match
Review force push permissions

Missing Files

Confirm files are committed in source
Check .gitignore rules
Verify file paths

Support¶

Need Help?

If you encounter issues:

Check pipeline job logs
Review variable configuration
Contact Systems Engineering team

Maintenance¶

Regular Tasks¶

Periodic Maintenance

Review and rotate access tokens
Monitor sync job success rates
Update external repository configurations

Security Considerations¶

Security Checklist

Use dedicated service accounts
Regularly audit access permissions
Monitor external repository activity