GitHub Actions
GitHub Actions
Section titled “GitHub Actions”Run Copybara automatically using GitHub Actions.
Basic Workflow
Section titled “Basic Workflow”name: Copybara Sync
on: push: branches: [main] workflow_dispatch:
jobs: sync: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 # Full history for Copybara
- name: Set up Java uses: actions/setup-java@v4 with: distribution: temurin java-version: "21"
- name: Download Copybara run: | curl -fsSL -o copybara.jar \ https://github.com/google/copybara/releases/download/v20251215/copybara_deploy.jar
- name: Configure Git run: | git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global credential.helper store echo "https://x-access-token:${{ secrets.COPYBARA_TOKEN }}@github.com" > ~/.git-credentials
- name: Run Copybara run: java -jar copybara.jar migrate copy.bara.sky workflow_name --ignore-noopTrigger Options
Section titled “Trigger Options”On Push
Section titled “On Push”on: push: branches: [main] paths: - "src/**" # Only when source changesScheduled
Section titled “Scheduled”on: schedule: - cron: "0 0 * * *" # Daily at midnightManual
Section titled “Manual”on: workflow_dispatch: inputs: init_history: description: "Initialize full history" type: boolean default: falseOn PR Merge
Section titled “On PR Merge”on: pull_request: types: [closed] branches: [main]
jobs: sync: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: # ...Caching Copybara JAR
Section titled “Caching Copybara JAR”Speed up workflows by caching:
- name: Cache Copybara id: cache-copybara uses: actions/cache@v4 with: path: copybara.jar key: copybara-v20251215
- name: Download Copybara if: steps.cache-copybara.outputs.cache-hit != 'true' run: | curl -fsSL -o copybara.jar \ https://github.com/google/copybara/releases/download/v20251215/copybara_deploy.jarAuthentication Methods
Section titled “Authentication Methods”- name: Configure Git run: | git config --global credential.helper store echo "https://x-access-token:${{ secrets.COPYBARA_TOKEN }}@github.com" > ~/.git-credentialsRequired token permissions:
repo(full control) - or fine-grained with Contents + Pull requests
- name: Configure SSH run: | mkdir -p ~/.ssh echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan github.com >> ~/.ssh/known_hostsUse SSH URL in config:
destination = git.destination( url = "git@github.com:org/repo.git", ...)- name: Generate token id: app-token uses: actions/create-github-app-token@v1 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Configure Git run: | git config --global credential.helper store echo "https://x-access-token:${{ steps.app-token.outputs.token }}@github.com" > ~/.git-credentialsFirst-Time Sync
Section titled “First-Time Sync”Initial sync with full history:
- name: Run Copybara (initial) if: github.event.inputs.init_history == 'true' run: java -jar copybara.jar migrate copy.bara.sky workflow --init-history
- name: Run Copybara (incremental) if: github.event.inputs.init_history != 'true' run: java -jar copybara.jar migrate copy.bara.sky workflow --ignore-noopError Handling
Section titled “Error Handling”Handle common scenarios:
- name: Run Copybara id: copybara continue-on-error: true run: | java -jar copybara.jar migrate copy.bara.sky workflow --ignore-noop 2>&1 | tee copybara.log exit ${PIPESTATUS[0]}
- name: Check for actual errors if: steps.copybara.outcome == 'failure' run: | if grep -q "No changes to migrate" copybara.log; then echo "No changes - this is expected" exit 0 fi echo "Copybara failed with real error" cat copybara.log exit 1Reusable Action
Section titled “Reusable Action”Create a reusable action:
name: Run Copybaradescription: Run Copybara to sync repositories
inputs: config: description: Config file path default: copy.bara.sky workflow: description: Workflow name required: true token: description: GitHub token required: true init-history: description: Initialize full history default: "false"
runs: using: composite steps: - name: Set up Java uses: actions/setup-java@v4 with: distribution: temurin java-version: "21"
- name: Cache Copybara uses: actions/cache@v4 with: path: copybara.jar key: copybara-v20251215
- name: Download Copybara shell: bash run: | if [ ! -f copybara.jar ]; then curl -fsSL -o copybara.jar \ https://github.com/google/copybara/releases/download/v20251215/copybara_deploy.jar fi
- name: Configure Git shell: bash run: | git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global credential.helper store echo "https://x-access-token:${{ inputs.token }}@github.com" > ~/.git-credentials
- name: Run Copybara shell: bash run: | FLAGS="--ignore-noop" if [ "${{ inputs.init-history }}" = "true" ]; then FLAGS="--init-history" fi java -jar copybara.jar migrate ${{ inputs.config }} ${{ inputs.workflow }} $FLAGSUse it:
- uses: ./.github/actions/copybara with: workflow: export token: ${{ secrets.COPYBARA_TOKEN }}Complete Example
Section titled “Complete Example”name: Sync to External
on: push: branches: [main] paths: - "src/**" - "docs/**" workflow_dispatch: inputs: init_history: description: "Initialize full history (first-time sync)" type: boolean default: false
concurrency: group: copybara-sync cancel-in-progress: false
jobs: sync: runs-on: ubuntu-latest permissions: contents: read
steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0
- name: Set up Java uses: actions/setup-java@v4 with: distribution: temurin java-version: "21"
- name: Cache Copybara uses: actions/cache@v4 with: path: copybara.jar key: copybara-v20251215
- name: Download Copybara run: | if [ ! -f copybara.jar ]; then curl -fsSL -o copybara.jar \ https://github.com/google/copybara/releases/download/v20251215/copybara_deploy.jar fi
- name: Configure Git run: | git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global credential.helper store echo "https://x-access-token:${{ secrets.COPYBARA_TOKEN }}@github.com" > ~/.git-credentials
- name: Run Copybara run: | FLAGS="--ignore-noop" if [ "${{ github.event.inputs.init_history }}" = "true" ]; then FLAGS="--init-history" fi java -jar copybara.jar migrate copy.bara.sky export $FLAGS