ContextQMD
Back to Gitlabhq

Migrate from GitHub

doc/user/project/import/github.md

18.11.229.8 KB
Original Source

{{< details >}}

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

{{< history >}}

{{< /history >}}

You can import your GitHub projects from either GitHub.com or GitHub Enterprise. Importing projects does not migrate or import any types of groups or organizations from GitHub to GitLab.

Imported issues, merge requests, comments, and events have an Imported badge in GitLab.

The namespace is a user or group in GitLab, such as gitlab.com/sidney-jones or gitlab.com/customer-success.

Using the GitLab UI, the GitHub importer always imports from the github.com domain. If you are importing from a self-hosted GitHub Enterprise Server domain, use the import API GitHub endpoint with a GitLab access token with the api scope.

You can change the target namespace and target repository name before you import.

<i class="fa-youtube-play" aria-hidden="true"></i> For an overview of the import process, see how to migrate from GitHub to GitLab including actions.

Estimating import duration

Every import from GitHub is different, which affects the duration of imports you perform. However, in testing, GitLab imported https://github.com/kubernetes/kubernetes in 76 hours. Tests showed that the project comprised:

  • 80,000 pull requests.
  • 45,000 issues.
  • Approximately 1.5 million comments.

Prerequisites

To import projects from GitHub, you must enable the GitHub import source. If that import source is not enabled, ask your GitLab administrator to enable it. The GitHub import source is enabled by default on GitLab.com.

Permissions and roles

To use the GitHub importer, you must have:

  • Access to the source GitHub project
  • The Maintainer or Owner role for the destination GitLab group (introduced in GitLab 16.0)

Also, the organization the GitHub repository belongs to must not impose restrictions of a third-party application access policy on the GitLab instance you import to.

Accounts for user contribution mapping

{{< history >}}

{{< /history >}}

Known issues

  • GitHub pull request comments (known as diff notes in GitLab) created before 2017 are imported in separate threads. This occurs because of a limitation of the GitHub API that doesn't include in_reply_to_id for comments before 2017.

  • In GitLab 18.3 and earlier, Markdown attachments from repositories on GitHub Enterprise Server instances are not imported. In GitLab 18.4 and later:

    • Only video and image files in Markdown attachments are imported.
    • Other file attachments are not imported.

  • Because of a known issue, when importing projects that used GitHub auto-merge, the imported project in GitLab can have merge commits labeled unverified if the commit was signed with the GitHub internal GPG key.

  • GitLab can't import GitHub Markdown image attachments that were uploaded to private repositories before 2023-05-09. If you encounter this problem and are willing to provide a sample repository, add a comment to issue 424046 and GitLab will contact you.

  • For GitLab-specific references, GitLab uses the # character for issues and a ! character for merge requests. However, GitHub uses only the # character for both issues and pull requests. When importing:

    • Comment notes, GitLab only creates links to issues because GitLab can't determine whether a references points to an issue or a merge request.
    • Issues or merge request descriptions, GitLab doesn't create links for any references because their imported counterparts might not have been created on the destination yet.

  • When importing from GitHub accounts with SAML single sign-on (SSO) enabled, Markdown attachments might fail to import. This issue is caused by a GitHub API limitation where assets cannot be downloaded using a personal access token when SSO is enforced. To workaround the issue, add the GitLab user performing the import as an outside collaborator to the GitHub repository. This permits access to private attachments during import.

Import your GitHub repository into GitLab

You can import your GitHub repository by either:

If importing from github.com you can use any method to import. Self-hosted GitHub Enterprise Server customers must use the API.

Use GitHub OAuth

If you are importing to GitLab.com or to a GitLab Self-Managed that has GitHub OAuth configured, you can use GitHub OAuth to import your repository.

This method has an advantage over using a personal access token (PAT) because the backend exchanges the access token with the appropriate permissions.

  1. In the upper-right corner, select Create new ({{< icon name="plus" >}}) and New project/repository.
  2. Select Import project and then GitHub.
  3. Select Authorize with GitHub.
  4. Proceed to selecting which repositories to import.

To use a different method to perform an import after previously performing these steps, sign out of your GitLab account and sign in again.

Use a GitHub personal access token

To import your GitHub repository using a GitHub personal access token:

  1. Generate a GitHub personal access token. Only classic personal access tokens are supported.
    1. Go to https://github.com/settings/tokens/new.
    2. In the Note field, enter a token description.
    3. Select the repo scope.
    4. Optional. To import collaborators, or if your project has Git LFS files, select the read:org scope.
    5. Select Generate token.
  2. In the upper-right corner, select Create new ({{< icon name="plus" >}}) and New project/repository.
  3. Select Import project and then GitHub.
  4. Select Authorize with GitHub.
  5. In the Personal access token field, paste the GitHub personal access token.
  6. Select Authenticate.
  7. Proceed to selecting which repositories to import.

To use a different token to perform an import after previously performing these steps, sign out of your GitLab account and sign in again, or revoke the older token in GitHub.

Use the API

The import API can be used to import a GitHub repository. It has some advantages over using the GitLab UI:

  • Can be used to import GitHub repositories that you do not own if they are public.
  • It can be used to import from a GitHub Enterprise Server that is self-hosted.
  • Can be used to set the timeout_strategy option that is not available to the UI.

The REST API is limited to authenticating with GitLab personal access tokens.

To import your GitHub repository using the GitLab REST API:

  1. Generate a GitHub personal access token. Only classic personal access tokens are supported.
    1. Go to https://github.com/settings/tokens/new.
    2. In the Note field, enter a token description.
    3. Select the repo scope.
    4. Optional. To import collaborators, or if your project has Git LFS files, select the read:org scope.
    5. Select Generate token.
  2. Use the import API to import your GitHub repository.

Filter repositories list

{{< history >}}

{{< /history >}}

After you authorize access to your GitHub repositories, GitLab redirects you to the importer page and your GitHub repositories are listed.

Use one of the following tabs to filter the list of repositories:

  • Owner (default): Filter the list to the repositories that you are the owner of.
  • Collaborated: Filter the list to the repositories that you have contributed to.
  • Organization: Filter the list to the repositories that belong to an organization you are a member of.

When the Organization tab is selected, you can further narrow down your search by selecting an available GitHub organization from a dropdown list.

Select additional items to import

{{< history >}}

{{< /history >}}

To make imports as fast as possible, the following items aren't imported from GitHub by default:

  • More than approximately 30,000 comments because of a limitation of the GitHub API.
  • Markdown attachments from repository comments, release posts, issue descriptions, and pull request descriptions. These can include images, text, or binary attachments. If not imported, links in Markdown to attachments break after you remove the attachments from GitHub.

You can choose to import these items, but this could significantly increase import time. To import these items, select the appropriate fields in the UI:

Select which repositories to import

By default, the proposed repository namespaces match the names as they exist in GitHub, but based on your permissions, you can choose to edit these names before you proceed to import any of them.

To select which repositories to import, next to any number of repositories select Import or select Import all repositories.

Additionally, you can filter projects by name. If a filter is applied, Import all repositories only imports matched repositories.

The Status column shows the import status of each repository. You can choose to keep the page open and watch updates in real time or you can return to it later.

To cancel imports that are pending or in progress, next to the imported project, select Cancel. If the import has already started, the imported files are kept.

To open a repository in GitLab URL after it has been imported, select its GitLab path.

Completed imports can be re-imported by selecting Re-import and specifying new name. This creates a new copy of the source project.

Check status of imports

{{< history >}}

  • Details of partially completed imports with a list of entities that failed to import introduced in GitLab 16.1.

{{< /history >}}

After imports are completed, they can be in one of three states:

  • Complete: GitLab imported all repository entities.
  • Partially completed: GitLab failed to import some repository entities.
  • Failed: GitLab aborted the import after a critical error occurred.

Expand Details to see a list of repository entities that failed to import.

Username mentions

{{< history >}}

{{< /history >}}

GitLab adds backticks to username mentions in issues, merge requests, and notes. These backticks prevent linking to an incorrect user with the same username on the GitLab instance.

User contribution and membership mapping

{{< history >}}

{{< /history >}}

The GitHub importer uses a post-migration method of mapping user contributions for GitLab.com, GitLab Self-Managed, and GitLab Dedicated.

Alternative method of mapping

In GitLab 18.7 and earlier, you can disable the github_user_mapping feature flag to use the alternative user contribution mapping method for imports.

[!flag] The availability of this feature is controlled by a feature flag. This feature is not recommended and is unavailable for:

  • Migrations to GitLab.com.
  • Migrations to GitLab Self-Managed and GitLab Dedicated 18.8 and later.

Problems that are found in this mapping method are unlikely to be fixed. Use the post-migration method instead that doesn't have these limitations.

For more information, see issue 510963.

Requirements:

  • Each GitHub author and assignee in the repository must have a public-facing email address. GitHub Enterprise does not require a public email address, so you might have to add it to existing accounts.
  • The GitHub user's email address must match their GitLab email address.
  • If a user's email address in GitHub is set as their secondary email address in GitLab, they must confirm it.

Using this method, when user accounts are provisioned correctly, users are mapped during the import.

If the requirements are not met, the importer can't map the particular user's contributions. In this case:

  • The project creator is set as the author and assignee of issues and merge requests. The project creator is usually the user that initiated the import process. For some contributions that have a description or note such as pull requests, issue, notes, the importer amends the text with details of who originally created the contribution.
  • Reviewers and approvals added on pull requests in GitHub cannot be imported. In this case, the importer creates comments describing that non-existent users were added as reviewers and approvers. However, the actual reviewer status and approval are not applied to the merge request in GitLab.

Mirror a repository and share pipeline status

{{< details >}}

  • Tier: Premium, Ultimate

{{< /details >}}

Depending on your GitLab tier, repository mirroring can be set up to keep your imported repository in sync with its GitHub copy.

Additionally, you can configure GitLab to send pipeline status updates back to GitHub with the GitHub Project Integration.

If you import your project using CI/CD for external repository, then both features are automatically configured.

[!note] Mirroring does not sync any new or updated pull requests from your GitHub project.

Improve the speed of imports on GitLab Self-Managed instances

Administrator access on the GitLab server is required for these steps.

Increase the number of Sidekiq workers

For large projects it may take a while to import all data. To reduce the time necessary, you can increase the number of Sidekiq workers that process the following queues:

  • github_importer
  • github_importer_advance_stage

For an optimal experience, it's recommended having at least 4 Sidekiq processes (each running a number of threads equal to the number of CPU cores) that only process these queues. It's also recommended that these processes run on separate servers. For 4 servers with 8 cores this means you can import up to 32 objects (for example, issues) in parallel.

Reducing the time spent in cloning a repository can be done by increasing network throughput, CPU capacity, and disk performance (by using high performance SSDs, for example) of the disks that store the Git repositories (for your GitLab instance). Increasing the number of Sidekiq workers does not reduce the time spent cloning repositories.

Enable GitHub OAuth using a GitHub Enterprise Cloud OAuth App

If you belong to a GitHub Enterprise Cloud organization you can configure GitLab Self-Managed to obtain a higher GitHub API rate limit.

GitHub API requests are usually subject to a rate limit of 5,000 requests per hour. Using the steps below, you obtain a higher 15,000 requests per hour rate limit, resulting in a faster overall import time.

Prerequisites:

To enable a higher rate limit:

  • Create an OAuth app in GitHub. Ensure that the OAuth app is owned by the Enterprise Cloud Organization, not your personal GitHub account.
  • Perform the project import using GitHub OAuth.
  • Optional. By default, sign-in is enabled for all configured OAuth providers. If you want to enable GitHub OAuth for imports but you want to prevent the ability for users to sign in to your GitLab instance with GitHub, you can disable sign-in with GitHub.

Imported data

The following items of a project are imported:

  • All fork branches of the project related to open pull requests

    [!note] Fork branches are imported with a naming scheme similar to GH-SHA-username/pull-request-number/fork-name/branch.

  • All project branches

  • Attachments for:

    • Comments
    • Issue descriptions
    • Pull request descriptions
    • Release notes

  • Branch protection rules

  • Collaborators (members)

  • Git LFS objects

  • Git repository data

  • Issue and pull request comments

  • Issue and pull request events (can be imported as an additional item)

  • Issues

  • Labels

  • Milestones

  • Pull request assigned reviewers

  • Pull request merged by information

  • Pull request reviews

  • Pull request review comments

  • Pull request review replies to discussions

  • Pull request review suggestions

  • Pull requests

  • Release notes content

  • Repository descriptions

  • Wiki pages

References to pull requests and issues are preserved. Each imported repository maintains visibility level unless that visibility level is restricted, in which case it defaults to the default project visibility.

Branch protection rules and project settings

Imported GitHub branch protection rules are mapped to one of the following:

  • GitLab branch protection rules
  • Project-wide GitLab settings
GitHub ruleGitLab rule
Require conversation resolution before merging for the project's default branchAll threads must be resolved project setting
Require a pull request before mergingNo one option in the Allowed to push and merge branch protection settings
Require signed commits for the project's default branchReject unsigned commits GitLab push rule
Allow force pushes - EveryoneAllowed to force push branch protection setting
Require a pull request before merging - Require review from Code OwnersRequire approval from code owners branch protection setting
Require a pull request before merging - Allow specified actors to bypass required pull requestsList of users in the Allowed to push and merge branch protection settings. Without a GitLab Premium subscription, the list of users that are allowed to push and merge is limited to roles.

The Require status checks to pass before merging GitHub rule is not imported. You can still create external status checks manually. For more information, see issue 370948.

Collaborators (members)

{{< history >}}

  • Importing collaborators as an additional item introduced in GitLab 16.0.

{{< /history >}}

These GitHub collaborator roles are mapped to these GitLab member roles:

GitHub roleMapped GitLab role
ReadGuest
TriageReporter
WriteDeveloper
MaintainMaintainer
AdminOwner

GitHub Enterprise Cloud has custom repository roles. These roles aren't supported and cause partially completed imports.

To import GitHub collaborators, you must have the Write or Maintain role on the GitHub project. Otherwise collaborators import is skipped.

Import from GitHub Enterprise on an internal network

If your GitHub Enterprise instance is on a internal network that is inaccessible to the internet, you can use a reverse proxy to allow GitLab.com to access the instance.

The proxy needs to:

  • Forward requests to the GitHub Enterprise instance.
  • Convert to the public proxy hostname all occurrences of the internal hostname in:
    • The API response body.
    • The API response Link header.

GitHub API uses the Link header for pagination.

After configuring the proxy, test it by making API requests. Below there are some examples of commands to test the API:

shell
curl --header "Authorization: Bearer <YOUR-TOKEN>" "https://{PROXY_HOSTNAME}/user"

### URLs in the response body should use the proxy hostname

{
  "login": "example_username",
  "id": 1,
  "url": "https://{PROXY_HOSTNAME}/users/example_username",
  "html_url": "https://{PROXY_HOSTNAME}/example_username",
  "followers_url": "https://{PROXY_HOSTNAME}/api/v3/users/example_username/followers",
  ...
  "created_at": "2014-02-11T17:03:25Z",
  "updated_at": "2022-10-18T14:36:27Z"
}
shell
curl --head --header "Authorization: Bearer <YOUR-TOKEN>" "https://{PROXY_DOMAIN}/api/v3/repos/{repository_path}/pulls?states=all&sort=created&direction=asc"

### Link header should use the proxy hostname

HTTP/1.1 200 OK
Date: Tue, 18 Oct 2022 21:42:55 GMT
Server: GitHub.com
Content-Type: application/json; charset=utf-8
Cache-Control: private, max-age=60, s-maxage=60
...
X-OAuth-Scopes: repo
X-Accepted-OAuth-Scopes:
github-authentication-token-expiration: 2022-11-22 18:13:46 UTC
X-GitHub-Media-Type: github.v3; format=json
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4997
X-RateLimit-Reset: 1666132381
X-RateLimit-Used: 3
X-RateLimit-Resource: core
Link: <https://{PROXY_DOMAIN}/api/v3/repositories/1/pulls?page=2>; rel="next", <https://{PROXY_DOMAIN}/api/v3/repositories/1/pulls?page=11>; rel="last"

Also test that cloning the repository using the proxy does not fail:

shell
git clone -c http.extraHeader="Authorization: basic <base64 encode YOUR-TOKEN>" --mirror https://{PROXY_DOMAIN}/{REPOSITORY_PATH}.git

Sample reverse proxy configuration

The following configuration is an example on how to configure Apache HTTP Server as a reverse proxy

[!warning] For simplicity, the snippet does not have configuration to encrypt the connection between the client and the proxy. However, for security reasons you should include that configuration. See sample Apache TLS/SSL configuration.

plaintext
# Required modules
LoadModule filter_module lib/httpd/modules/mod_filter.so
LoadModule reflector_module lib/httpd/modules/mod_reflector.so
LoadModule substitute_module lib/httpd/modules/mod_substitute.so
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
LoadModule headers_module lib/httpd/modules/mod_headers.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so

<VirtualHost GITHUB_ENTERPRISE_HOSTNAME:80>
  ServerName GITHUB_ENTERPRISE_HOSTNAME

  # Enables reverse-proxy configuration with SSL support
  SSLProxyEngine On
  ProxyPass "/" "https://GITHUB_ENTERPRISE_HOSTNAME/"
  ProxyPassReverse "/" "https://GITHUB_ENTERPRISE_HOSTNAME/"

  # Replaces occurrences of the local GitHub Enterprise URL with the Proxy URL
  # GitHub Enterprise compresses the responses, the filters INFLATE and DEFLATE needs to be used to
  # decompress and compress the response back
  AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE application/json
  Substitute "s|https://GITHUB_ENTERPRISE_HOSTNAME|https://PROXY_HOSTNAME|ni"
  SubstituteMaxLineLength 50M

  # GitHub API uses the response header "Link" for the API pagination
  # For example:
  #   <https://example.com/api/v3/repositories/1/issues?page=2>; rel="next", <https://example.com/api/v3/repositories/1/issues?page=3>; rel="last"
  # The directive below replaces all occurrences of the GitHub Enterprise URL with the Proxy URL if the
  # response header Link is present
  Header edit* Link "https://GITHUB_ENTERPRISE_HOSTNAME" "https://PROXY_HOSTNAME"
</VirtualHost>