How to Migrate Private Tickets from Pagure to a New Private Repository

DRAFT DOCUMENTATION: This documentation is currently in draft form and may not be fully tested and correct. Please verify all procedures before use and report any issues or inaccuracies.

Purpose

This document outlines the steps required to migrate private/restricted issue tickets from a Pagure.io repository to a new private repository on Fedora Forge, ensuring the confidentiality of sensitive information while maintaining access control.

Scope

This procedure applies to Fedora Project contributors who need to migrate repositories containing private or restricted issue tickets from Pagure.io to Fedora Forge. This is necessary because Forgejo does not support privately restricted issue tickets within public repositories.

Prerequisites

  • Repository Access: You must have access to the source repository on Pagure.io and the necessary privileges to create repositories in the target organization on Fedora Forge.

  • Organization Permissions: You must have the ability to create repositories under the target namespace in Fedora Forge. If you don’t have these privileges, consult a member from the relevant subproject or SIG, or contact the Fedora Infrastructure team.

  • API Key: You will need to create an API key in Pagure.io for the migration process.

  • Private Repository Access: You must have permissions to create private repositories in the target organization.

As Forgejo does not support the creation of privately restricted issue tickets at this time, migrating repositories having them requires creating a separate private repository to ensure the confidentiality of those issue tickets.

This procedure assumes you have already migrated the main repository content using the standard migration process. This document focuses specifically on migrating private tickets to a separate private repository.

Procedure

The private ticket migration process involves four main steps: creating a Pagure.io API key, accessing the Fedora Forge migration tool, configuring the private repository migration, and setting up proper access controls.

Create Pagure.io API Key

  1. Log into Pagure.io and navigate to the source repository containing private tickets, taking note of the repository URL for later reference.

  2. Click on your portrait in the top-right corner and navigate to user settings. migration pagure 02

  3. In the API Keys section, click on the Create new API key button. migration pagure 04

  4. Fill in the "Create a new token" form with the following information:

    1. Description: Enter a descriptive name for the API key (e.g., "Fedora Forge Migration")

    2. Expiration Date: Set an appropriate expiration date for security purposes

    3. ACLs: Select all necessary ACLs (Access Control Lists) for repository access

    4. Click the Create button to generate the API key. migration pagure 05

  5. Copy the generated API key and keep it safely stored for use in the migration process. migration pagure 06

Access Fedora Forge Migration Tool

  1. Log into Fedora Forge using your Fedora Account credentials and navigate to the destination organization where you want to create the migrated repository.

  2. Click on the New migration button to begin the migration process. pagure migration new migration button

  3. Click on the Pagure button at the bottom of the migration page. pagure migration select pagure source

Configure Private Repository Migration

  1. Fill in the migration form with the information from your source repository:

    1. Repository Name: Enter a descriptive name for the private repository (e.g., original-repo-private-tickets)

    2. Clone URL: Enter the Git clone URL from your Pagure repository

    3. Description: Add a description indicating this contains private tickets (e.g., "Private tickets from [original-repo]")

    4. Visibility: Set to private for restricted content migration pagure 13

  2. Enter the API key you created earlier in the token field.

  3. Click on the Migrate repository button to start the migration.

  4. Wait for the migration to complete. This creates a private repository with all tickets, including private ones. migration pagure 14

Configure Access Controls

  1. Navigate to the newly created private repository.

  2. Go to the repository settings and configure access controls:

    1. Add only authorized team members who need access to private tickets

    2. Ensure proper permission levels are set (typically Read access for ticket viewing)

    3. Document who has access and why for audit purposes

Verification

  • Confirm that the private repository appears in the target organization on Fedora Forge.

  • Verify that private tickets are only visible to authorized users.

  • Check that all private tickets have been transferred correctly.

  • Test repository access permissions for team members.

  • Verify that unauthorized users cannot access the private repository.

  • Confirm that the private repository is accessible via Git clone operations for authorized users.

Important Notes

  • Separate Repository: This creates a completely separate repository containing only the private tickets, not the main codebase.

  • Access Control: Ensure only authorized personnel have access to the private repository.

  • Documentation: Document the relationship between the main repository and the private tickets repository.

  • Maintenance: Consider how to handle future private tickets - they may need to be created in the private repository going forward.

Want to help? Learn how to contribute to Fedora Docs