Migrating from Bitbucket Pipelines with GitHub Actions Importer

About migrating from Bitbucket Pipelines with GitHub Actions Importer

The instructions below will guide you through configuring your environment to use GitHub Actions Importer to migrate Bitbucket Pipelines to GitHub Actions.

Prerequisites

一个可在其中运行基于 Linux 的容器并可安装所需工具的环境。
- Docker 已安装并正在运行。
- 已安装 GitHub CLI。
注意

GitHub Actions Importer 容器和 CLI 不需要安装在 CI 平台所在的同一服务器上。

Limitations

There are some limitations when migrating from Bitbucket Pipelines to GitHub Actions with GitHub Actions Importer.

Images in a private AWS ECR are not supported.
The Bitbucket Pipelines option size is not supported.
Metrics detailing the queue time of jobs is not supported by the forecast command.

Bitbucket after-scripts are supported using GitHub Actions always() in combination with checking the steps.<step_id>.conclusion of the previous step. For more information, see 访问有关工作流运行的上下文信息.

The following is an example of using the always() with steps.<step_id>.conclusion.

  - name: After Script 1
    run: |-
      echo "I'm after the script ran!"
      echo "We should be grouped!"
    id: after-script-1
    if: "${{ always() }}"
  - name: After Script 2
    run: |-
      echo "this is really the end"
      echo "goodbye, for now!"
    id: after-script-2
    if: "${{ steps.after-script-1.conclusion == 'success' && always() }}"

Manual tasks

Certain Bitbucket Pipelines constructs must be migrated manually. These include:

Secured repository, workspace, and deployment variables
SSH keys

Installing the GitHub Actions Importer CLI extension

安装 GitHub Actions Importer CLI 扩展：

Bash

gh extension install github/gh-actions-importer

gh extension install github/gh-actions-importer

验证是否已安装扩展：

$ gh actions-importer -h
Options:
  -?, -h, --help  Show help and usage information

Commands:
  update     Update to the latest version of GitHub Actions Importer.
  version    Display the version of GitHub Actions Importer.
  configure  Start an interactive prompt to configure credentials used to authenticate with your CI server(s).
  audit      Plan your CI/CD migration by analyzing your current CI/CD footprint.
  forecast   Forecast GitHub Actions usage from historical pipeline utilization.
  dry-run    Convert a pipeline to a GitHub Actions workflow and output its yaml file.
  migrate    Convert a pipeline to a GitHub Actions workflow and open a pull request with the changes.

Configuring credentials

The configure CLI command is used to set required credentials and options for GitHub Actions Importer when working with Bitbucket Pipelines and GitHub.

Create a GitHub personal access token (classic). For more information, see 管理个人访问令牌.

Your token must have the workflow scope.

After creating the token, copy it and save it in a safe location for later use.
Create a Workspace Access Token for Bitbucket Pipelines. For more information, see Workspace Access Token permissions in the Bitbucket documentation. Your token must have the read scope for pipelines, projects, and repositories.
In your terminal, run the GitHub Actions Importer configure CLI command:
```
gh actions-importer configure
```
The configure command will prompt you for the following information:
- For "Which CI providers are you configuring?", use the arrow keys to select Bitbucket, press Space to select it, then press Enter.
- For "Personal access token for GitHub", enter the value of the personal access token (classic) that you created earlier, and press Enter.
- For "Base url of the GitHub instance", enter the URL for 你的 GitHub Enterprise Server 实例, and press Enter.
- For "Personal access token for Bitbucket", enter the Workspace Access Token that you created earlier, and press Enter.
- For "Base url of the Bitbucket instance", enter the URL for your Bitbucket instance, and press Enter.
An example of the configure command is shown below:
```
$ gh actions-importer configure
✔ Which CI providers are you configuring?: Bitbucket
Enter the following values (leave empty to omit):
✔ Personal access token for GitHub: ***************
✔ Base url of the GitHub instance: http://github.com
✔ Personal access token for Bitbucket: ********************
✔ Base url of the Bitbucket instance: http://bitbucket.example.com
Environment variables successfully updated.
```
In your terminal, run the GitHub Actions Importer update CLI command to connect to GitHub Packages Container registry and ensure that the container image is updated to the latest version:
```
gh actions-importer update
```
The output of the command should be similar to below:
```
Updating ghcr.io/actions-importer/cli:latest...
ghcr.io/actions-importer/cli:latest up-to-date
```

Perform an audit of the Bitbucket instance

You can use the audit command to get a high-level view of pipelines in a Bitbucket instance.

The audit command performs the following steps.

Fetches all of the pipelines for a workspace.
Converts pipeline to its equivalent GitHub Actions workflow.
Generates a report that summarizes how complete and complex of a migration is possible with GitHub Actions Importer.

Running the audit command

To perform an audit run the following command in your terminal, replacing :workspace with the name of the Bitbucket workspace to audit.

gh actions-importer audit bitbucket --workspace :workspace --output-dir tmp/audit

Optionally, a --project-key option can be provided to the audit command to limit the results to only pipelines associated with a project.

In the below example command :project_key should be replaced with the key of the project that should be audited. Project keys can be found in Bitbucket on the workspace projects page.

gh actions-importer audit bitbucket --workspace :workspace --project-key :project_key --output-dir tmp/audit

Inspecting the audit results

指定的输出目录中的文件包含审核结果。有关审核结果的摘要，请参阅 audit_summary.md 文件。

审核摘要包含以下部分。

管道

“管道”部分包含有关由 GitHub Actions Importer 完成的转换率的概要统计信息。

下面列出了“管道”部分中可能出现的一些关键术语：

“成功”管道已将所有管道构造和单个项目自动转换为其 GitHub Actions 等效项。
“部分成功”管道已转换所有管道构造，但有一些单个项目未自动转换为其 GitHub Actions 等效项。
“不受支持”管道是 GitHub Actions Importer 不支持的定义类型。
“失败”管道在转换时遇到错误。这可能是以下三个原因之一造成的：
- 该管道最初配置错误且无效。
- GitHub Actions Importer 在转换它时遇到内部错误。
- 网络响应失败，导致管道无法访问，这通常是由于凭据无效所致。

生成步骤

“生成步骤”部分概述了跨所有管道使用的各个生成步骤，以及由 GitHub Actions Importer 自动转换的生成步骤数。

下面列出了“生成步骤”部分中可能出现的一些关键术语：

“已知”生成步骤是自动转换为等效操作的步骤。
“未知”生成步骤是未自动转换为等效操作的步骤。
“不受支持”生成步骤是满足以下任一条件的步骤：
- 从根本上不受 GitHub Actions 支持。
- 以与 GitHub Actions 不兼容的方式进行配置。
“操作”是转换后的工作流中使用的操作的列表。这对于以下情况可能很重要：
- 如果使用 GitHub Enterprise Server，收集要同步到实例的操作列表。
- 定义所使用的操作的组织级允许列表。此操作列表是安全或合规性团队可能需要审查的操作的综合列表。

手动任务

“手动任务”部分概述了 GitHub Actions Importer 无法自动完成且必须由你手动完成的任务。

下面列出了“手动任务”部分中可能出现的一些关键术语：

“机密”是在转换后的管道中使用的存储库或组织级机密。必须在 GitHub Actions 中手动创建这些机密，才能使这些管道正常运行。有关详细信息，请参阅“Using secrets in GitHub Actions”。
“自托管运行器”是指在转换后的管道中引用的运行器（不是 GitHub 托管的运行器）的标签。需要手动定义这些运行器，才能使这些管道正常运行。

文件

审核报告的最后一部分提供审核期间写入磁盘的所有文件的清单。

每个管道文件都包含审核中的各种文件，包括：

GitHub 中定义的原始管道。
用于转换管道的任何网络响应。
转换后的工作流文件。
可用于排查管道转换失败问题的堆栈跟踪。

此外，workflow_usage.csv 文件包含一个以逗号分隔的列表，其中列出了每个成功转换的管道所使用的所有操作、机密和运行器。这有助于确定哪些工作流使用哪些操作、机密或运行器，并且可用于进行安全评审。

Forecasting usage

You can use the forecast command to forecast potential GitHub Actions usage by computing metrics from completed pipeline runs in your Bitbucket instance.

To perform a forecast of potential GitHub Actions usage, run the following command in your terminal, replacing :workspace with the name of the Bitbucket workspace to forecast. By default, GitHub Actions Importer includes the previous seven days in the forecast report.

gh actions-importer forecast bitbucket --workspace :workspace --output-dir tmp/forecast_reports

Forecasting a project

To limit the forecast to a project, you can use the --project-key option. Replace the value for the :project_key with the project key for the project to forecast.

gh actions-importer forecast bitbucket --workspace :workspace --project-key :project_key --output-dir tmp/forecast_reports

Inspecting the forecast report

The forecast_report.md file in the specified output directory contains the results of the forecast.

Listed below are some key terms that can appear in the forecast report:

The job count is the total number of completed jobs.
The pipeline count is the number of unique pipelines used.
Execution time describes the amount of time a runner spent on a job. This metric can be used to help plan for the cost of GitHub-hosted runners.
- This metric is correlated to how much you should expect to spend in GitHub Actions. This will vary depending on the hardware used for these minutes. You can use the GitHub Actions pricing calculator to estimate the costs.
Concurrent jobs metrics describe the amount of jobs running at any given time.

Performing a dry-run migration

You can use the dry-run command to convert a Bitbucket pipeline to an equivalent GitHub Actions workflow(s). A dry-run creates the output files in a specified directory, but does not open a pull request to migrate the pipeline.

Running the dry-run command

To perform a dry run of migrating a Bitbucket pipeline to GitHub Actions, run the following command in your terminal, replacing :workspace with the name of the workspace and :repo with the name of the repository in Bitbucket.

gh actions-importer dry-run bitbucket --workspace :workspace --repository :repo --output-dir tmp/dry-run

Inspecting the converted workflows

You can view the logs of the dry run and the converted workflow files in the specified output directory.

如果有任何 GitHub Actions Importer 无法自动转换的内容，例如未知生成步骤或部分成功管道，你可能需要创建自定义转换器来进一步自定义转换过程。有关详细信息，请参阅“Extending GitHub Actions Importer with custom transformers”。

Performing a production migration

You can use the migrate command to convert a Bitbucket pipeline and open a pull request with the equivalent GitHub Actions workflow(s).

Running the migrate command

To migrate a Bitbucket pipeline to GitHub Actions, run the following command in your terminal, replacing the following values.

Replace target-url value with the URL for your GitHub repository.
Replace :repo with the name of the repository in Bitbucket.
Replace :workspace with the name of the workspace.

gh actions-importer migrate bitbucket --workspace :workspace --repository :repo --target-url http://github.com/:owner/:repo --output-dir tmp/dry-run

The command's output includes the URL of the pull request that adds the converted workflow to your repository. An example of a successful output is similar to the following:

gh actions-importer migrate bitbucket --workspace actions-importer --repository custom-trigger --target-url http://github.com/valet-dev-testing/demo-private --output-dir tmp/bitbucket
[2023-07-18 09:56:06] Logs: 'tmp/bitbucket/log/valet-20230718-165606.log'
[2023-07-18 09:56:24] Pull request: 'http://github.com/valet-dev-testing/demo-private/pull/55'

检查拉取请求

migrate 命令成功运行的输出包含一个指向新拉取请求的链接，此拉取请求将转换后的工作流添加到存储库。

拉取请求的一些重要元素包括：

在拉取请求说明中，有一个名为“手动步骤”的部分，其中列出了在完成将管道迁移到 GitHub Actions 之前必须手动完成的步骤。例如，此部分可能会提供创建工作流中使用的任何机密。
转换后的工作流文件。选择拉取请求中的“Files changed”选项卡，查看将添加到 GitHub 仓库的工作流文件****。

检查完拉取请求后，可以将其合并以将工作流添加到 GitHub 仓库。

Reference

This section contains reference information on environment variables, optional arguments, and supported syntax when using GitHub Actions Importer to migrate from Bitbucket Pipelines.

Using environment variables

GitHub Actions Importer 使用环境变量进行身份验证配置。这些变量在使用 configure 命令执行配置过程时设置。有关详细信息，请参阅“配置凭据”部分。

GitHub Actions Importer uses the following environment variables to connect to your Bitbucket instance.

GITHUB_ACCESS_TOKEN: The personal access token (classic) used to create pull requests with a transformed workflow (requires repo and workflow scopes).
GITHUB_INSTANCE_URL: The url to the target GitHub instance. (e.g. http://github.com)
BITBUCKET_ACCESS_TOKEN: The workspace access token with read scopes for pipeline, project, and repository.

These environment variables can be specified in a .env.local file that will be loaded by GitHub Actions Importer at run time. The distribution archive contains a .env.local.template file that can be used to create these files.

Optional arguments

有一些可选参数可以结合 GitHub Actions Importer 子命令使用来自定义迁移。

`--source-file-path`

You can use the --source-file-path argument with the dry-run or migrate subcommands.

By default, GitHub Actions Importer fetches pipeline contents from the Bitbucket instance. The --source-file-path argument tells GitHub Actions Importer to use the specified source file path instead.

For example:

gh actions-importer dry-run bitbucket --workspace :workspace --repository :repo --output-dir tmp/dry-run --source-file-path path/to/my/pipeline/file.yml

`--config-file-path`

You can use the --config-file-path argument with the audit, dry-run, and migrate subcommands.

By default, GitHub Actions Importer fetches pipeline contents from the Bitbucket instance. The --config-file-path argument tells GitHub Actions Importer to use the specified source files instead.

Audit example

In this example, GitHub Actions Importer uses the specified YAML configuration file to perform an audit.

gh actions-importer audit bitbucket --workspace :workspace --output-dir tmp/audit --config-file-path "path/to/my/bitbucket/config.yml"

To audit a Bitbucket instance using a config file, the config file must be in the following format, and each repository_slug must be unique:

source_files:
  - repository_slug: repo_name
    path: path/to/one/source/file.yml
  - repository_slug: another_repo_name
    path: path/to/another/source/file.yml

Supported syntax for Bitbucket Pipelines

The following table shows the type of properties that GitHub Actions Importer is currently able to convert.

Bitbucket	GitHub Actions	Status
`after-script`	`jobs.<job_id>.steps[*]`	Supported
`artifacts`	`actions/upload-artifact` & `download-artifact`	Supported
`caches`	`actions/cache`	Supported
`clone`	`actions/checkout`	Supported
`condition`	`job.<job_id>.steps[*].run`	Supported
`deployment`	`jobs.<job_id>.environment`	Supported
`image`	`jobs.<job_id>.container`	Supported
`max-time`	`jobs.<job_id>.steps[*].timeout-minutes`	Supported
`options.docker`	None	Supported
`options.max-time`	`jobs.<job_id>.steps[*].timeout-minutes`	Supported
`parallel`	`jobs.<job_id>`	Supported
`pipelines.branches`	`on.push`	Supported
`pipelines.custom`	`on.workflow_dispatch`	Supported
`pipelines.default`	`on.push`	Supported
`pipelines.pull-requests`	`on.pull_requests`	Supported
`pipelines.tags`	`on.tags`	Supported
`runs-on`	`jobs.<job_id>.runs-on`	Supported
`script`	`job.<job_id>.steps[*].run`	Supported
`services`	`jobs.<job_id>.service`	Supported
`stage`	`jobs.<job_id>`	Supported
`step`	`jobs.<job_id>.steps[*]`	Supported
`trigger`	`on.workflow_dispatch`	Supported
`fail-fast`	None	Unsupported
`oidc`	None	Unsupported
`options.size`	None	Unsupported
`size`	None	Unsupported

Environment variable mapping

GitHub Actions Importer uses the mapping in the table below to convert default Bitbucket environment variables to the closest equivalent in GitHub Actions.

Bitbucket	GitHub Actions
`CI`	`true`
`BITBUCKET_BUILD_NUMBER`	`${{ github.run_number }}`
`BITBUCKET_CLONE_DIR`	`${{ github.workspace }}`
`BITBUCKET_COMMIT`	`${{ github.sha }}`
`BITBUCKET_WORKSPACE`	`${{ github.repository_owner }}`
`BITBUCKET_REPO_SLUG`	`${{ github.repository }}`
`BITBUCKET_REPO_UUID`	`${{ github.repository_id }}`
`BITBUCKET_REPO_FULL_NAME`	`${{ github.repository_owner }}`/`${{ github.repository }}`
`BITBUCKET_BRANCH`	`${{ github.ref }}`
`BITBUCKET_TAG`	`${{ github.ref }}`
`BITBUCKET_PR_ID`	`${{ github.event.pull_request.number }}`
`BITBUCKET_PR_DESTINATION_BRANCH`	`${{ github.event.pull_request.base.ref }}`
`BITBUCKET_GIT_HTTP_ORIGIN`	`${{ github.event.repository.clone_url }}`
`BITBUCKET_GIT_SSH_ORIGIN`	`${{ github.event.repository.ssh_url }}`
`BITBUCKET_EXIT_CODE`	`${{ job.status }}`
`BITBUCKET_STEP_UUID`	`${{ job.github_job }}`
`BITBUCKET_PIPELINE_UUID`	`${{ github.workflow }}`
`BITBUCKET_PROJECT_KEY`	`${{ github.repository_owner }}`
`BITBUCKET_PROJECT_UUID`	`${{ github.repository_owner }}`
`BITBUCKET_STEP_TRIGGERER_UUID`	`${{ github.actor_id }}`
`BITBUCKET_SSH_KEY_FILE`	`${{ github.workspace }}/.ssh/id_rsa`
`BITBUCKET_STEP_OIDC_TOKEN`	No Mapping
`BITBUCKET_DEPLOYMENT_ENVIRONMENT`	No Mapping
`BITBUCKET_DEPLOYMENT_ENVIRONMENT_UUID`	No Mapping
`BITBUCKET_BOOKMARK`	No Mapping
`BITBUCKET_PARALLEL_STEP`	No Mapping
`BITBUCKET_PARALLEL_STEP_COUNT`	No Mapping

System Variables

System variables used in tasks are transformed to the equivalent bash shell variable and are assumed to be available. For example, ${system.<variable.name>} will be transformed to $variable_name. We recommend you verify this to ensure proper operation of the workflow.

Legal notice

部分内容改编自 MIT 许可证下的 http://github.com/github/gh-actions-importer/ ：

MIT License

Copyright (c) 2022 GitHub

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.