{"id":22922466,"url":"https://github.com/kamaranl/smart-mirror","last_synced_at":"2026-05-07T11:33:48.576Z","repository":{"id":194875059,"uuid":"690841933","full_name":"kamaranl/smart-mirror","owner":"kamaranl","description":"Mirrors a GitHub repository to another supported Git repository.","archived":false,"fork":false,"pushed_at":"2023-09-13T02:14:52.000Z","size":924,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-17T11:45:12.467Z","etag":null,"topics":["actions","automatic","azure","devops","mirror","sync"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kamaranl.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-09-13T01:55:08.000Z","updated_at":"2023-09-13T10:33:42.000Z","dependencies_parsed_at":"2023-09-15T14:28:51.662Z","dependency_job_id":null,"html_url":"https://github.com/kamaranl/smart-mirror","commit_stats":null,"previous_names":["kamaranl/smart-mirror"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/kamaranl/smart-mirror","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamaranl%2Fsmart-mirror","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamaranl%2Fsmart-mirror/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamaranl%2Fsmart-mirror/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamaranl%2Fsmart-mirror/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kamaranl","download_url":"https://codeload.github.com/kamaranl/smart-mirror/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamaranl%2Fsmart-mirror/sbom","scorecard":{"id":76856,"data":{"date":"2025-08-11","repo":{"name":"github.com/KamaranL/smart-mirror","commit":"0f7025771f2827a6dc3febc47aea745a30de625b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/2 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/dump-context.yml:1","Warn: no topLevel permission defined: .github/workflows/run-build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/KamaranL/smart-mirror/run-build.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/run-build.yml:29","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T05:04:13.283Z","repository_id":194875059,"created_at":"2025-08-15T05:04:13.283Z","updated_at":"2025-08-15T05:04:13.283Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32735204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-07T02:14:30.463Z","status":"ssl_error","status_checked_at":"2026-05-07T02:14:29.405Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","automatic","azure","devops","mirror","sync"],"created_at":"2024-12-14T08:10:50.642Z","updated_at":"2026-05-07T11:33:48.556Z","avatar_url":"https://github.com/kamaranl.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Smart Mirror\n\n\u003e The action that does all the heavy lifting for you when it comes to syncing your GitHub repository with other supported Git repositories.\n\n## Configuration\n\n### `INPUT`\n\n| Name         | Type   | Description                                                      | Available For | Required By | Default                      |\n| ------------ | ------ | ---------------------------------------------------------------- | ------------- | ----------- | ---------------------------- |\n| owner        | string | name of repository owner                                         | Azure, GitHub | GitHub      | github.repository_owner      |\n| repository   | string | name of repository\\*                                             | Azure, GitHub |             | github.event.repository.name |\n| project      | string | name of project                                                  | Azure         |             | github.event.repository.name |\n| createMirror | bool   | create the mirror if it doesn't exist\\*\\*                        | Azure, GitHub |             | false                        |\n| visibility   | enum   | mirror visibility if creating a new mirror ( private \\| public ) | Azure, GitHub |             | Git host's default           |\n\n\\*Be mindful of illegal characters when attempting to create a mirror- the repository name on GitHub may not be acceptable for Azure DevOps. See more about naming conventions under [refs](#refs).\n\n\\*\\*See [Authentication](#authentication) for what permissions are necessary for the automatic creation of the mirror.\n\n### `ENV`\n\n| Name         | Description                        | Required |\n| ------------ | ---------------------------------- | -------- |\n| TOKEN_AZURE  | Azure DevOps Personal Access Token | no       |\n| TOKEN_GITHUB | GitHub Personal Access Token       | no       |\n\n## Authentication\n\nA personal access token (PAT) must be passed to the action via environment variables previously mentioned. _Bare minimum_ permissions in the following table assume `createMirror` is not being used, and that the mirrors are being created manually before this action is run.\n\n| PAT                                                    | Categories                                                                       | Access               |\n| ------------------------------------------------------ | -------------------------------------------------------------------------------- | -------------------- |\n| Azure DevOps\u003cbr /\u003e\u003csup\u003e(w/ createMirror)\u003c/sup\u003e         | - **Project and Team**\u003cbr /\u003e- **Code**                                           | read, write \u0026 manage |\n| Azure DevOps\u003cbr /\u003e\u003csup\u003e(bare minimum)\u003c/sup\u003e            | - **Code**                                                                       | read \u0026 write         |\n| GitHub: Classic                                        | - **repo**\u003cbr /\u003e- **workflow**                                                   | all                  |\n| GitHub: Fine-grained \u003cbr/\u003e\u003csup\u003e(w/ createMirror)\u003c/sup\u003e | - **Actions**\u003cbr /\u003e- **Administration**\u003cbr /\u003e- **Contents**\u003cbr /\u003e- **Workflows** | read \u0026 write         |\n| GitHub: Fine-grained \u003cbr/\u003e\u003csup\u003e(bare minimum)\u003c/sup\u003e    | - **Actions**\u003cbr /\u003e- **Contents**\u003cbr /\u003e- **Workflows**                           | read \u0026 write         |\n\n## Usage\n\nWe'll use the following table of details for the examples below and assume that all jobs are completing successfully.\n\n| GitHub (Source) |                          |\n| --------------- | ------------------------ |\n| User            | octocat                  |\n| Repo            | octocat-tools            |\n| Orgs (memberOf) | octocorp, octocat-design |\n\n### `.github/workflows/smart-mirror.yaml`\n\n```yaml\n# EXAMPLE 1: push repo to a single mirror\n\non:\n  - push\n  - workflow_dispatch\n\nconcurrency: ${{ github.workflow }} # prevents concurrent workflow runs for this action\ndefaults:\n  run:\n    shell: bash\n\njobs:\n  some_job:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n        with:\n          fetch-depth: 0 # gets all commit history, branches, and tags\n\n      - name: azure_freelance\n        uses: KamaranL/smart-mirror@main\n        with:\n          owner: octocat-design # devops organization for the mirror\n          project: octodev # devops project of where the mirror is associated\n          repository: octocat-design-tools # name of the mirror\n          createMirror: true # create the mirror if it doesn't already exist\n          visibility: public # create the mirror as public (since devops' default is private)\n        env:\n          TOKEN_AZURE: ${{ secrets.TOKEN_AZURE_FREELANCE }}\n```\n\n`azure_freelance` would result in:\n\n- creating a new public `octodev` project in the `octocat-design` organization on Azure DevOps (if the project did not exist)\n- creating the new `octocat-design-tools` repository under the `octodev` project (whether the project was newly created or not)\n- pushing code from the source repository, `octocat-tools`, to _https\u0026#58;\u0026#47;\u0026#47;dev\u0026period;azure\u0026period;com/octocat-design/octodev/\\_git/octocat-design-tools_\n\n```yml\n# EXAMPLE 2: push repo to multiple mirrors\n\non:\n  - push\n  - workflow_dispatch\n\nconcurrency: ${{ github.workflow }}\ndefaults:\n  run:\n    shell: bash\n\njobs:\n  another_job:\n    if: github.repository == 'octocat/octocat-tools' # prevents this job from running on mirrored github repos\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n\n      - name: azure_personal\n        uses: KamaranL/smart-mirror@main\n        with:\n          createMirror: true\n        env:\n          TOKEN_AZURE: ${{ secrets.TOKEN_AZURE_PERSONAL }}\n\n      - name: github_corp\n        if: ${{ always() }} # assures this step runs even if the previous failed\n        uses: KamaranL/smart-mirror@main\n        with:\n          owner: octocorp\n        env:\n          TOKEN_GITHUB: ${{ secrets.TOKEN_GITHUB_CORP }}\n\n      - name: github_freelance\n        if: ${{ always() }}\n        uses: KamaranL/smart-mirror@main\n        with:\n          owner: octocat-design\n          repository: octocat-design-tools\n          createMirror: true\n        env:\n          TOKEN_GITHUB: ${{ secrets.TOKEN_GITHUB_FREELANCE }}\n```\n\n`azure_personal` would result in:\n\n- creating a new private `octocat-tools` project in the `octocat` organization on Azure DevOps (if the project did not exist)\n- pushing code from the source repository, `octocat-tools`, to the project's default repository at _https\u0026#58;\u0026#47;\u0026#47;dev\u0026period;azure\u0026period;com/octocat/octocat-tools/\\_git/octocat-tools_\n\n\n`github_corp` would result in:\n\n- always running, whether or not the previous `azure_personal` step failed\n- pushing code from the source repository `octocat-tools` to an existing `octocat-tools` repository in the `octocorp` organization\n\n`github_freelance` would result in:\n\n- creating a new `octocat-design-tools` repository in the `octocat-design` organization, (if one does not already exist)\n- pushing code from the source repository, `octocat-tools`, to the `octocat-design-tools` repository in the `octocat-design` organization\n\n---\n\n## refs\n\n- Azure Naming Restrictions \\[ [projects](https://learn.microsoft.com/en-us/azure/devops/organizations/settings/naming-restrictions?view=azure-devops#project-names) | [repos](https://learn.microsoft.com/en-us/azure/devops/organizations/settings/naming-restrictions?view=azure-devops#azure-repos-git) \\]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamaranl%2Fsmart-mirror","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkamaranl%2Fsmart-mirror","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamaranl%2Fsmart-mirror/lists"}