Code backups are a way to mitigate attack vectors aimed at disrupting the development or running of the Digital Marketplace.
They protect the platform from:
- GitHub outages
- Accidental or malicious deletion of a GitHub repo by an internal or external actor
Without backups held somewhere else, GitHub would be a single point of failure in our development process.
For each repo we want to back up there is a backup job on Jenkins. These jobs are created from a Jenkins job template. Each job polls its given repo for changes to the master branch. When it detects a change to the master branch, it mirror clones the repository from GitHub and then mirror pushes it to an AWS CodeCommit repo.
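The clone-and-push step such a job performs can be sketched as follows. This is an added example, not the Jenkins job's own script: the function names and the two URL arguments are assumptions, and it adds a check that the backup's refs match the source after the push.

```shell
#!/bin/sh
# Added example: mirror one repository to a backup remote and verify the copy.
# The source and backup URLs are supplied by the caller (placeholders here).

# list_refs <repo-url>: every ref and the object it points at, sorted.
# --refs leaves out HEAD and peeled tag entries so both sides compare cleanly.
list_refs() {
    git ls-remote --refs "$1" | sort
}

# backup_repo <source-url> <backup-url>
# Returns 0 only if the push succeeded and the backup's refs match the source.
backup_repo() {
    bk_src=$1
    bk_dst=$2
    bk_tmp=$(mktemp -d) || return 1

    # A mirror clone is bare and carries every ref (branches, tags, notes),
    # not only the branch whose change triggered the job.
    if ! git clone --quiet --mirror "$bk_src" "$bk_tmp/mirror.git"; then
        rm -rf "$bk_tmp"
        return 1
    fi

    # A mirror push makes the backup's refs identical to the clone's:
    # new refs are created, changed refs are force-updated, missing refs deleted.
    if ! git -C "$bk_tmp/mirror.git" push --quiet --mirror "$bk_dst"; then
        rm -rf "$bk_tmp"
        return 1
    fi
    rm -rf "$bk_tmp"

    # Verification: compare what each side advertises.
    [ "$(list_refs "$bk_src")" = "$(list_refs "$bk_dst")" ]
}

# Stand-alone use: sh backup.sh <source-url> <backup-url>
if [ "$#" -eq 2 ]; then
    backup_repo "$1" "$2"
fi
```

Because a mirror push force-updates and deletes refs to match the source, a branch or tag removed or rewritten on the source before the next run is also removed or rewritten in the backup; the final check confirms only that the two sides agree.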
- adding it to the list of repositories in our Terraform here:
- applying the changes to our AWS infrastructure by:
- Create a job on Jenkins to automatically detect repo changes and back them up by:
  - adding the repo name to the code_backups job definition here:
  - creating the Jenkins job by running:
    `make jenkins TAGS=jobs JOBS=code_backups` in
- Adding the new Jenkins job to the code_backups group of jobs by:
  - Adding the job name to the list of code-backups jobs in:
  - updating Jenkins by running:
    `make jenkins TAGS=config` in
git clone --mirror:
- AWS’ guide to implementing this infrastructure:
- GitHub’s guide on mirroring repos: