Mirror GitHub repository to AWS CodeCommit using GitHub Actions — Atul Anand

GitHub and AWS CodeCommit are two prominent platforms for hosting Git repositories. And, there are numerous situations where mirroring a GitHub repository to AWS CodeCommit becomes essential, particularly for businesses relying on AWS cloud services, like ensuring robust code backup, maintaining build and delivery pipelines, collaborating with AWS CodeCommit users, or leveraging AWS services.

This hands-on blog will guide you through the process of mirroring a GitHub Repository to an AWS CodeCommit Repository. It will allow us to keep our CodeCommit repository up-to-date with changes made in our GitHub repository, enabling a synchronized and streamlined development process.

Let’s achieve this using a powerful automation feature provided by GitHub, called GitHub Actions, in simple 5 Steps!

For reference, view source code on GitHub.

Step 1: Prepare Repositories in GitHub and AWS CodeCommit

Create a GitHub repository in your GitHub account

• For demo purposes, I have created a GitHub repository “mirror-code-source-repo”.

Create a CodeCommit repository in your AWS Account

• Similarly, I have created a CodeCommit repository “mirror-code-destination-repo”, where we want the GitHub repository to be mirrored.

Step 2: Set Up AWS Credentials & GitHub Secrets

Create an IAM User with CodeCommit Access

You can also use your own user. But here, we are trying to follow the least privilege principle. So, it would be better to create a separate user with only CodeCommit permissions.

• Create a User with the name codecommit-user by going to IAM > Users > Create user.

• Attach AWSCodeCommitPowerUser policy directly to the user.

• Review and Create the User.

Create an SSH Key

• Create a key pair publickey.crt and privatekey.pem in a terminal (bash) locally by running the following commands:

$ openssl genrsa -out privatekey.pem 2048
$ openssl rsa -in privatekey.pem -pubout -out publickey.crt

Note: Make sure openssl is installed.

Upload the SSH Public Key for CodeCommit to AWS

• On your AWS Console, go to IAM > Users > codecommit-user > Security Credentials

• Then, go to the section “SSH public keys for AWS CodeCommit” and click on “Upload SSH public key”.

• Copy and Paste the content of the file publickey.crt (which we created in the previous sub-step) in the console, and upload it.

• Make a note of the “SSH Key ID”, as we need it to save as a secret in the GitHub repository.

Create Secrets in the GitHub Repository

• In the GitHub repository, go to Settings > Secrets and variables > Actions > New repository secret

• Create 2 Secrets in the repository:

Key | Value
-----------------------------------------------------------
CODECOMMIT_SSH_PRIVATE_KEY | privatekey.pem (RSA Private Key Content)
CODECOMMIT_SSH_PRIVATE_KEY_ID | APKXXXXXXXXXXXXXXVKJ (SSH Key ID, created in the previous step)

Step 3: Configure GitHub Actions Workflow

Create a Workflow configuration

Create a new file called .github/workflows/mirror-to-codecommit.yml in the GitHub repository and add the following configuration:

name: Mirror GitHub To CodeCommit

on: [push]

jobs:
  mirror_to_codecommit:

    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Mirror to CodeCommit
        uses: pixta-dev/repository-mirroring-action@v1
        with:
          target_repo_url: <AWS_CodeCommit_Repository_SSH_URL>
          ssh_private_key: ${{ secrets.CODECOMMIT_SSH_PRIVATE_KEY }}
          ssh_username: ${{ secrets.CODECOMMIT_SSH_PRIVATE_KEY_ID }}

Replace <AWS_CodeCommit_Repository_SSH_URL> with the SSH URL from the CodeCommit repository.

You can get it from the CodeCommit repository (mirror-code-destination-repo) > Clone URL > Clone SSH

Example:

...
with:
  target_repo_url: ssh://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/mirror-code-destination-repo
...

Step 4: Push changes to the GitHub Repository

Commit and push the .github/workflows/mirror-to-codecommit.yml file to the GitHub repository using the following commands:

$ git status

$ git add .

$ git commit -m 'Added workflow to mirror to CodeCommit'

$ git push origin main

As you can see the push is successful to the GitHub repository. GitHub Actions will automatically run the workflow every time there is a push event on the repository.

Step 5: Verify Mirroring

Check the “Actions” tab of the repository to verify that the workflow was triggered and the workflow run was successful.

Also, check the CodeCommit repository to verify that changes from the GitHub repository are mirrored accurately. You should see the same branches, commits, and files in both repositories.

Voila! You have successfully set up GitHub Actions to mirror the GitHub repository to AWS CodeCommit.

For reference, view source code on GitHub, and the Github Action which we used.

This automation workflow will ensure that the CodeCommit repository is always synchronized with the GitHub repository, facilitating seamless collaboration and integration between these platforms.

This is a minimal workflow configuration, which you can customize further to suit your specific requirements, such as mirroring multiple branches or triggering the workflow on specific events.

Happy Learning! 🚀