Code backups are a way to mitigate attack vectors aimed at disrupting the development or running of the Digital Marketplace.
They protect the platform from:
Accidental or malicious deletion of a GitHub repo by an internal or external actor
GitHub would be a single point of failure in our development process without backups somewhere.
For each repo we want to back up there is a backup job on Jenkins. These are created from a Jenkins job template. The created job polls its given repo for changes to the master branch. When it detects a change to the master branch, it mirror clones the repository from GitHub and then mirror pushes it to an AWS CodeCommit repo.
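The mirror clone and mirror push described above, as an added example that is not the project's Jenkins job. The function names are hypothetical, and in the constructed demo two local repositories stand in for GitHub and CodeCommit so it runs offline; it also shows that a branch deleted upstream is removed from the backup on the next run.

```shell
# Added example, not the project's Jenkins job. Function names are hypothetical.

# Print "sha<TAB>ref" for every branch and tag on a remote, sorted.
list_refs() {
  git ls-remote --heads --tags "$1" | sort
}

# Mirror-clone $1 into a scratch directory, then mirror-push it to $2.
# Runs in a subshell so its variables do not leak into the caller.
mirror_backup() (
  work=$(mktemp -d) || exit 1
  git clone --quiet --mirror "$1" "$work/repo.git" &&
    git -C "$work/repo.git" push --quiet --mirror "$2"
  rc=$?
  rm -rf "$work"
  exit "$rc"
)

# Succeed only if the backup ($2) has exactly the source's ($1) branches and tags.
backup_is_current() {
  [ "$(list_refs "$1")" = "$(list_refs "$2")" ]
}

# Constructed offline demo: local repos stand in for GitHub and CodeCommit.
# Prints the backup's branch names after a branch has been deleted upstream.
demo() (
  tmp=$(mktemp -d) && cd "$tmp" || exit 1
  git init -q upstream && git init -q --bare backup.git || exit 1
  cd upstream || exit 1
  git symbolic-ref HEAD refs/heads/master
  git -c user.name=demo -c user.email=demo@example.invalid \
    commit -q --allow-empty -m "initial commit"
  git branch feature
  cd ..
  mirror_backup "$tmp/upstream" "$tmp/backup.git" || exit 1
  backup_is_current "$tmp/upstream" "$tmp/backup.git" || exit 1
  git -C upstream branch -q -D feature >/dev/null
  mirror_backup "$tmp/upstream" "$tmp/backup.git" || exit 1
  git -C backup.git for-each-ref --format='%(refname:short)' refs/heads
  rm -rf "$tmp"
)
```

Because `git push --mirror` force-updates and deletes refs to match the source, the backup holds the repository's state as of the last run rather than a record of earlier states.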
adding it to the list of repositories in our Terraform here:
applying the changes to our AWS infrastructure by:
Create a job on Jenkins to automatically detect repo changes and back them up by:
adding the repo name to the code_backups job definition here:
creating the Jenkins job by running:
make jenkins TAGS=jobs JOBS=code_backups in
Adding the new Jenkins job to the code_backups group of jobs by:
Adding the job name to the list of code-backups jobs in:
updating Jenkins by running:
make jenkins TAGS=config in
git clone --mirror:
AWS’ guide to implementing this infrastructure:
GitHub’s guide on mirroring repos: