How can I use GitHub Actions to keep a private repository in sync with the panther-analysis repository?

Last updated: September 3, 2024

QUESTION

 How do I manage a fork of panther-analysis in a private repo and keep up to date using GitHub Actions?

ANSWER

 This process can be done using mirroring or subtrees. The following process will use subtrees:

  1. Create a private repository and give it a name.

    • We will use "my-security-repo" as the name in this article.

  2. Run through the following steps once to establish the subtree:

  1. Add a remote repository

    • git remote add panther-analysis git@github.com:panther-labs/panther-analysis.git

  2. Fetch remote repository: panther-analysis

    • git fetch panther-analysis

  3. Add a subtree to the private repository

    • git subtree add --prefix=panther-labs/panther-analysis panther-analysis master --squash

  4. Push the subtree up to my-security-repo

    • git subtree push --prefix=panther-labs/panther-analysis panther-analysis master

  5. Add files, commit, and push to add the subtree (panther-labs/panther-analysis) to my-security-repo

    • git add . && git commit -m 'message here' && git push

Next, create an Action that pulls from the latest versions weekly on Monday:

name: Fetch panther-analysis & Create Pull Request
​
on:
  schedule:
    - cron:  '0 9 * * 1' # Runs at 09:00 UTC on Mon
​
  workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
​
jobs:
​
  sync-panther-analysis:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
        token: ${{ secrets.ACTION_TOKEN }}
        submodules: true
    - name: Configure identity
      run: |
        git config --global user.email "<your.email@test.com"
        git config --global user.name "<Your Name>"
    - name: Add panther-analysis as remote
      run: git remote add panther-analysis https://github.com/panther-labs/panther-analysis.git
    - name: Check remotes
      run: git remote -v
    - name: Fetch panther-analysis
      run: git fetch panther-analysis        
    - name: pull from master branch
      run: git subtree pull --prefix=panther-labs/panther-analysis panther-analysis master --squash
    - name: Create Pull Request on <Your Private Repo>
      uses: peter-evans/create-pull-request@v4.0.4