2
votes

We have two Azure DevOps Organizations, 1. Development 2. Client

I would like to know if we can synchronize Azure DevOps Repos from one organization (Development) to a different organization (Client) in a secure way. If it is possible, what would be the best way to sync from one organization to another securely?

NOTE: We are able to manually clone the repo from one organization to another for the first time with the help of PAT and Git auth, but the problem arises when we want to update or re-sync the code. We have to manually re-import the repo (by deleting the existing one) to make changes.

We need to do this programmatically and to another organization.

1 Answer

5
votes

Azure DevOps Repos synchronization between Organization

Sorry, but as far as I know there's no such out-of-the-box feature available in Azure DevOps Service.

There are similar user voices here: Sync between projects in same org and Automatically Sync Azure Devops Repos with GitHub Repos. Usually one organization is responsible for one product, so Azure DevOps doesn't recommend cross-organization actions. But if you do want this behavior in your scenario, you can use these two directions:

1. Try the free Git Tools for Azure DevOps extension from Martin Hinshelwood. Some steps about how to use it:

  1. Install it in your Development organization; it contains one Publish Git Repo task.

  2. Create a new classic build pipeline named SyncRepos and add the Publish Git Repo task to it.

    (A YAML pipeline also works well, but since this pipeline contains only one task, a classic pipeline is enough.)

  3. Configure the task. We only need to configure the Git repo URL, so it's quite easy.

    Assuming the same repo in the other organization, Client, is named ReposToSync and is in ProjectA, the URL you should enter in the pipeline (in the Development organization) should be:

    See this: https://anything:<PAT>@dev.azure.com/Client/ProjectA/_git/ReposToSync.

    (You should use a PAT which has repos-related permissions. I used a Full Access one to test it easily, but it would be much better to create a PAT scoped to repos permissions. It's more secure!)

  4. Now set the trigger, enable the CI and add all the branches into filter.

    A YAML pipeline is better in step 4 because it supports triggering on all branches with the wildcard *. See this.

  5. Now in Development organization, when I have any change in master and qwe branches, it will automatically trigger the pipeline to run. Then the task will sync the changes in Development's repos with repos in 'Client' organization.

    Any change in the Development org will start a sync. If you want the same behavior in 'Client', you also need another similar pipeline in 'Client'. Also, a YAML pipeline with a wildcard is better if you want the pipeline to monitor newly created branches.

In addition: apart from using the task from the extension, we can also use git commands in a CMD task if you're familiar with those commands.

2. Feel free to post a new feature request to our User Voice forum. If it gets enough votes, the request's priority increases and the team would consider it seriously.

Hope all above helps :)

Update1:

Whether we use git commands or the extension, if we want to make it more secure (avoid using a PAT or other secrets directly in the task), we can use secrets to store important info like the PAT.

1. See create secret variable in Variable Group, then link the variable group. After that we can use $(MyPat) in the task and it won't be displayed in the log.

2. You can also consider using Azure Key Vault. Related doc: Link secrets from an Azure key vault.
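
The "git commands" route combined with the secret-variable advice from Update1, as an added example that is not part of the answer or of the extension: the PAT is sent as a Basic auth header scoped to the Client project, so it never appears in the remote URL or on the command line. `CLIENT_PAT` is a hypothetical environment variable assumed to be mapped from the secret variable (such as `$(MyPat)`), and the step is assumed to run in a full, non-shallow checkout of the Development repo.

```bash
#!/usr/bin/env bash
# Added example (not from the answer): one-way push of all branches and tags
# to the Client organization without putting the PAT in a URL or in argv.
# Assumptions: git 2.31+, a full (non-shallow) checkout of the Development
# repo with every branch under refs/remotes/origin/, and CLIENT_PAT
# (hypothetical name) mapped from the secret variable, e.g. $(MyPat).
set -eu

# Repository URL shape taken from the answer; it carries no credentials.
CLIENT_URL="https://dev.azure.com/Client/ProjectA/_git/ReposToSync"

# Basic-auth header for a PAT: empty user name, PAT as the password.
# tr removes the line wrap that base64 inserts for long tokens.
pat_auth_header() {
  printf 'Authorization: Basic %s' "$(printf ':%s' "$1" | base64 | tr -d '\n')"
}

# Config key that scopes the header to one project, so git does not send
# the PAT to any other host or organization.
scoped_header_key() {
  printf 'http.%s/.extraheader' "${1%%/_git/*}"
}

# Push branches and tags. The refspecs carry no leading '+', so a
# non-fast-forward update is rejected instead of overwriting Client history.
push_to_client() {
  GIT_CONFIG_COUNT=1 \
  GIT_CONFIG_KEY_0="$(scoped_header_key "$CLIENT_URL")" \
  GIT_CONFIG_VALUE_0="$(pat_auth_header "$CLIENT_PAT")" \
  git push "$CLIENT_URL" \
    'refs/remotes/origin/*:refs/heads/*' \
    '^refs/remotes/origin/HEAD' \
    'refs/tags/*:refs/tags/*'
}

# Run the push only when asked to, e.g. `./sync.sh --push` in the pipeline step.
if [ "${1:-}" = "--push" ]; then
  push_to_client
fi
```

Azure Pipelines does not expose secret variables to scripts automatically, so the step has to map the secret into `CLIENT_PAT` explicitly through its environment settings.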