The capability to mirror repositories within GitLab provides a robust mechanism for synchronizing source code, branches, tags, and commits between GitLab and external Git sources. This functionality ensures that a project can maintain a presence across multiple platforms without requiring manual synchronization of every individual commit. By establishing a mirror, GitLab automates the transfer of data, which is critical for organizations managing hybrid cloud environments or those transitioning between version control systems. The synchronization process encompasses the entire Git object database, meaning that not only the current state of the default branch is mirrored, but the complete historical lineage of the project is preserved and replicated. This systemic approach to data redundancy and accessibility allows developers to utilize GitLab as a primary hub while maintaining compatibility or visibility on secondary platforms.
Repository Mirroring Tiers and Availability
The availability of mirroring features is segmented based on the GitLab tier and the specific deployment model being utilized. This ensures that different organizational needs, from individual developers to large-scale enterprises, have access to the appropriate synchronization tools.
| Deployment Offering | Free Tier | Premium Tier | Ultimate Tier |
|---|---|---|---|
| GitLab.com | Supported | Supported | Supported |
| GitLab Self-Managed | Supported | Supported | Supported |
| GitLab Dedicated | Supported | Supported | Supported |
The mirroring functionality is broadly available across the Free, Premium, and Ultimate tiers, though specific capabilities, such as pull mirroring, are restricted to higher tiers (Premium and Ultimate) in certain contexts. This tier-based structure affects how a user can ingest data from external sources into GitLab. For instance, while push mirroring is generally accessible, the ability to automatically pull from an external source requires a subscription level that supports advanced automation.
Mirroring Methodologies and Directions
GitLab supports three distinct directions for repository synchronization. The choice of method depends entirely on where the "canonical" or primary version of the truth resides and how the user intends to interact with the secondary location.
Push Mirroring
Push mirroring is the process of mirroring a repository from GitLab to another external location. In this configuration, GitLab acts as the source of truth. Any change committed to the GitLab repository is automatically pushed to the remote destination.
This method is essential for scenarios where the developer prefers the GitLab interface and CI/CD pipelines but must maintain a copy of the code on a different platform for compliance, visibility, or legacy reasons. The impact of this setup is that the external repository becomes a read-only mirror of the GitLab project; any one-way flow of data ensures that the remote site is always up to date with the latest GitLab commits.
Pull Mirroring
Pull mirroring allows a GitLab repository to act as the destination, pulling copies of commits, tags, and branches from another external project. This feature is specifically available in the Premium and Ultimate tiers.
When a project is configured as a pull mirror, GitLab periodically checks the external source for updates. If new data is detected, it is ingested into the GitLab instance. This is particularly useful when the canonical version of a project is hosted elsewhere, but the team wants to utilize GitLab's internal tools, such as its issue trackers or CI/CD pipelines, without manually migrating the entire project.
Bidirectional Mirroring
Bidirectional mirroring allows for synchronization in both directions. However, this approach is cautioned against because it can cause significant conflicts. If changes are made to both the source and the destination simultaneously, the mirror may encounter divergent histories that cannot be automatically resolved, potentially leading to data inconsistency.
Strategic Use Cases for Mirroring
The implementation of mirroring is not merely a technical exercise but a strategic decision based on project lifecycle and visibility requirements.
Migration and Legacy Support
When a project's canonical version has been migrated to GitLab, but there is a need to keep providing a copy of the project at its previous home, push mirroring is the ideal solution. By configuring the GitLab repository as a push mirror, any updates made within GitLab are mirrored back to the old location. This prevents the "breaking" of external links or dependencies that may still point to the legacy host.
Archival Purposes
There are instances where developers have old projects in another source that are no longer actively developed but must be kept for archiving purposes. In this scenario, a push mirror can be established so that the active GitLab repository pushes its final states or occasional maintenance updates to the archive location, ensuring the archive is not deleted or lost.
Open Source Distribution for Private Instances
A common requirement for self-managed GitLab users is the need for privacy. A company may run a private GitLab instance that is closed to the public for security reasons. However, they may wish to open-source specific software components. By using the private instance as the primary development hub and setting up a push mirror to a public GitLab.com repository, the organization can selectively share public-facing projects while keeping the rest of their infrastructure hidden.
External Source Integration
If a project's primary development happens on an external platform, but the team wants the benefits of the GitLab ecosystem, pull mirroring is used. The GitLab repository pulls the essential history of commits, tags, and branches, making them available for use within the GitLab environment.
Technical Implementation of Push Mirroring
Setting up a push mirror for an existing project involves a specific sequence of administrative steps to ensure the connection is secure and the data flow is consistent.
The process for establishing a push mirror is as follows:
- Navigate to the project's Settings > Repository.
- Expand the Mirroring repositories section.
- Enter the target repository URL.
- From the Mirror direction dropdown, select Push.
- Select the appropriate authentication method from the dropdown.
- If necessary, check the Only mirror protected branches box to limit the scope of the mirror.
- If desired, check the Keep divergent refs box.
- Click the Mirror repository button to save the configuration.
To maintain the integrity of the mirror, it is recommended to push commits directly to the mirrored repository to prevent the mirror from diverging.
Technical Implementation of Pull Mirroring and General Setup
Creating a repository mirror requires specific permissions and network configurations.
Prerequisites
Before attempting to create a mirror, the following conditions must be met:
- The user must possess the Maintainer or Owner role for the project.
- For mirrors utilizing
ssh://, the host key must be detectable on the server, or the user must possess a local copy of the key.
Configuration Steps
The detailed workflow for creating a mirror is as follows:
- Use the search bar or navigate to the project.
- In the left sidebar, go to Settings > Repository.
- Expand the Mirroring repositories section.
- Select Add new.
- Enter the Git repository URL.
The URL must be accessible via one of the following protocols:
- http://
- https://
- ssh://
- orgit://
If an ssh:// URL is utilized, the user must choose between two options for key management:
- Detect host keys: GitLab will fetch the host keys from the server and display the fingerprints.
- Input host keys manually: The user enters the host key into the SSH host key field.
This verification process is a critical security measure. GitLab confirms that at least one stored host key matches before establishing a connection, which protects the mirror from malicious code injections and prevents passwords from being stolen.
Synchronization Dynamics and Manual Overrides
GitLab mirrors are designed to update automatically, but there are mechanisms to force updates and constraints to prevent server overload.
Automatic and Manual Updates
Updates occur automatically, but users with the appropriate permissions can trigger a manual update. This is useful when a developer has just pushed a commit and needs the mirror to reflect that change immediately without waiting for the scheduled cycle.
The frequency of these updates is governed by the following limits:
- On GitLab.com, manual updates are permitted at most once every five minutes.
- On self-managed instances, the limit is determined by the administrator.
Permission-Based Updates
The ability to force an immediate update depends on the user's role:
- Users with the Maintainer role can force an update.
- In some configurations, users with at least Developer access can force an update.
However, a manual update will be blocked if:
- The mirror is already in the process of updating.
- The specific interval limit (e.g., 5 minutes) has not yet elapsed since the last successful update.
Visibility and Monitoring
When a mirror is updated, the activity is logged. All new branches, tags, and commits become visible in the project's activity feed. To verify the success of a push, users should:
- Review the "last update attempt" and "last successful update" timestamps in the settings.
- Navigate to the Repository > Commits page on GitLab.com to confirm the last commit is displayed, indicating a successful push.
Security and Restrictions
To maintain system stability and security, certain protocols and visibility settings are restricted.
Unsupported Protocols
The following are explicitly not supported in GitLab mirroring:
- SCP-style URLs: Implementation of these URLs is ongoing (tracked in issue 18993).
- Dumb HTTP protocol: Mirroring over this legacy protocol is not permitted.
Access Control
For security reasons, starting with GitLab 12.10, the URL of the original repository is restricted. Only users with Maintainer or Owner permissions to the mirrored project can view the URL to the original source.
Integration with CI/CD Pipelines
A significant advantage of mirroring is its interaction with GitLab CI/CD. When a local GitLab repository mirrors to a remote one, the CI/CD pipeline continues to execute as if the commits were made directly to the repository. For example, a statically generated website can be updated automatically after each push via the mirroring process, allowing developers to maintain a local, private development environment while automatically deploying public-facing content.
Summary of Mirroring Specifications
| Feature | Push Mirroring | Pull Mirroring |
|---|---|---|
| Direction | GitLab $\rightarrow$ External | External $\rightarrow$ GitLab |
| Primary Use Case | Public distribution / Legacy support | Ingesting external projects |
| Tier Availability | Free, Premium, Ultimate | Premium, Ultimate |
| Protocol Support | HTTP, HTTPS, SSH, orgit | HTTP, HTTPS, SSH, orgit |
| Automation | Automatic | Automatic / Manual Trigger |
| Conflict Risk | Low (One-way) | Low (One-way) |
Conclusion
The architectural implementation of repository mirroring in GitLab serves as a bridge between disparate version control environments. By supporting both push and pull configurations, GitLab allows organizations to maintain a strict "source of truth" while benefiting from the redundancy and visibility provided by external mirrors. The system is designed with a strong emphasis on security, particularly through the mandatory verification of SSH host keys and the restriction of mirror URL visibility to high-level roles.
The operational efficiency of mirroring is further enhanced by its integration with the CI/CD pipeline, transforming a simple synchronization task into a deployment mechanism. While bidirectional mirroring exists, the potential for divergent histories makes it a risky choice compared to the stability of unidirectional push or pull mirrors. For users of self-managed instances, the push mirror provides a sophisticated way to balance the need for internal privacy with the desire to contribute to the open-source community. Ultimately, the ability to automate the movement of branches, tags, and commits across different platforms ensures that the development workflow remains fluid, regardless of where the code is physically hosted.