From 0928cca3e6c9232ec7edbaa8d82e8ddefc41314a Mon Sep 17 00:00:00 2001
From: brain-slug <28928591+brain-slug@users.noreply.github.com>
Date: Mon, 11 Oct 2021 14:45:19 +0200
Subject: [PATCH] Added Dockerfile, updated IFS from CRLF to LF only, renamed
 access token vars allowing to be set from Dockerfile, added CURL_PARAMS --raw
 to avoid encoding issues, updated README.md

---
 Dockerfile | 31 +++++++++++++++++++++++++++++++
 README.md  |  7 ++++---
 migrate.sh | 17 +++++++++++------
 3 files changed, 46 insertions(+), 9 deletions(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bfcfc9b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:20.04
+
+ENV SOURCE_GITLAB=git.mycompany.com
+ENV SOURCE_PATH="gitlab-migration-source"
+ENV TARGET_GITLAB=gitlab.com
+ENV TARGET_PATH="gitlab-migration-target"
+# setting access token here will have precedence over .secrets file and considered insecure
+#ENV TARGET_ACCESS_TOKEN=<target_gitlab_access_token>
+#ENV SOURCE_ACCESS_TOKEN=<source_gitlab_access_token>
+
+ENV ARCHIVE_AFTER_MIGRATION="no"
+ENV ADD_DESCRIPTION="no"
+ENV MIGRATE_ARCHIVED_PROJECTS="no"
+ENV MIGRATE_GROUP_VARIABLES="no"
+ENV MIGRATE_PROJECT_VARIABLES="no"
+ENV MIGRATE_BADGES="no"
+ENV MIGRATE_HOOKS="no"
+
+RUN adduser migration
+
+RUN apt-get update && \
+    apt-get install jq curl -y
+
+COPY --chown=migration:migration .secrets /home/migration/
+COPY --chown=migration:migration migrate.sh /home/migration/
+RUN chmod +x /home/migration/migrate.sh
+
+USER migration
+WORKDIR /home/migration
+
+ENTRYPOINT ["/bin/bash", "/home/migration/migrate.sh", "-D", "FOREGROUND"]
\ No newline at end of file
diff --git a/README.md b/README.md
index a66117b..744e5b1 100644
--- a/README.md
+++ b/README.md
@@ -3,10 +3,11 @@ Script to migrate Gitlab groups and their projects from one Gitlab instance to a
 
 ## Requirements
 * Bash (4.0 or newer)
-* jq
+* jq (1.6)
+* curl (7.68.0 tested)
 
 ## Usage ## 
-* Create local file `.secrets` and add a [Personal Access Token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) for the source Gitlab instance in the first line and a Personal Access Token for the target Gitlab instance in the second line. Both tokens need the `api` scope. Example:
+* Create local file `.secrets` and add a [Personal Access Token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) for the source Gitlab instance in the first line and a Personal Access Token for the target Gitlab instance in the second line. Also add a newline (LF) to the end. Both tokens need the `api` scope. Example:
     ```
   $ cat .secrets
   dskjfdskjfr7987dfkds
@@ -23,7 +24,7 @@ Script to migrate Gitlab groups and their projects from one Gitlab instance to a
   ```
 
 ## Limitations ##
-* Tested with Gitlab 13.0
+* Tested with Gitlab 13.0 / 14.0
 * Currently only Community Edition features are supported. See [list of supported features](#supported-features) below for details. This doesn't limit the script to Community Edition Gitlab instances though. It can be used with any of Community, Enterprise or Gitlab.com SaaS instances as source and target.
 * The target group path already has to exist
 * Max. 100 Subgroups, Variables, Hooks, Badges per parent entity will be migrated as no API pagination is implemented
diff --git a/migrate.sh b/migrate.sh
index 3bc59ef..5f3be0d 100644
--- a/migrate.sh
+++ b/migrate.sh
@@ -48,18 +48,23 @@ fi
 #MIGRATE_PROJECT_VARIABLES="no"
 #MIGRATE_BADGES="no"
 #MIGRATE_HOOKS="no"
-CURL_PARAMS=""
-
-unset -v sourceGitlabPrivateAccessToken targetGitlabPrivateAccessToken
-{ IFS=$'\n\r' read -r sourceGitlabPrivateAccessToken && IFS=$'\n\r' read -r targetGitlabPrivateAccessToken; } < .secrets
+CURL_PARAMS="--raw"
+
+# only read from .secrets if env vars not existing
+if [ -z ${SOURCE_ACCESS_TOKEN+x} ] || [ -z ${TARGET_ACCESS_TOKEN+x} ]; then
+  echo "Reset GitLab access tokens, attempting to read from .secrets file"
+  unset -v SOURCE_ACCESS_TOKEN TARGET_ACCESS_TOKEN
+  # make sure you .secrets file has new line added at the end using LF only
+  { IFS=$'\n' read -r SOURCE_ACCESS_TOKEN && IFS=$'\n' read -r TARGET_ACCESS_TOKEN; } < .secrets
+fi
 
 dryRun=false
 
 baseUrlSourceGitlabApi="https://${SOURCE_GITLAB}/api/v4"
-authHeaderSourceGitlab="PRIVATE-TOKEN: ${sourceGitlabPrivateAccessToken}"
+authHeaderSourceGitlab="PRIVATE-TOKEN: ${SOURCE_ACCESS_TOKEN}"
 baseUrlTargetGitlabApi="https://${TARGET_GITLAB}/api/v4"
 baseUrlTargetGitlab="https://${TARGET_GITLAB}"
-authHeaderTargetGitlab="PRIVATE-TOKEN: ${targetGitlabPrivateAccessToken}"
+authHeaderTargetGitlab="PRIVATE-TOKEN: ${TARGET_ACCESS_TOKEN}"
 
 
 function urlencode() {