GitFusion is a unified Git provider integration microservice designed to enhance user experience when working with git repositories across multiple providers (GitHub, GitLab, Bitbucket). It acts as a consistent interface between portal UI and various git providers, enabling users to easily discover and interact with codebases, branches, pull requests, and other git capabilities.
- Enhance user productivity by providing a seamless experience across different git providers
- Reduce context switching for users when working with multiple git platforms
- Standardize git operations through a consistent API interface
- Improve discoverability of repositories, branches, and other git resources
- Enable future extensibility of git-related features in our portal
GitFusion provides the following features (implemented incrementally):
- Repository discovery and search across providers
- Branch management and information retrieval
- Pull/Merge request handling and visibility
- Unified API for interacting with different git providers
GitFusion is built as a RESTful API service with the following characteristics:
- Integration with multiple git providers (GitHub, GitLab, Bitbucket) via their respective APIs
- Authentication via API keys with Kubernetes secrets
- Kubernetes-native deployment with Helm charts
- Written in Go with a clean, extensible architecture
- Go 1.24+
- Kubernetes cluster with configured GitServer CRDs
- Access to Git provider API tokens
# Build the binary
make build
# Run tests
make test
# Generate API code from OpenAPI spec
make generateGitFusion can be deployed using the provided Helm chart:
# From project root
helm install gitfusion ./deploy-templates -n my-namespaceGitFusion talks to git providers over HTTPS and always verifies the server certificate against the host's trust store (Go's default).
To reach a provider served with a private or self-signed certificate (e.g. an internal
GitLab), add its CA to the container's trust store — do not disable verification. On Linux,
/etc/ssl/certs is the system trust-store directory that Go reads, so mounting the CA file
there makes Go trust it alongside the public roots. Use the chart's volumes/volumeMounts,
mounting the CA as a single file via subPath so the existing ca-certificates.crt bundle
is preserved. For example, with the CA in a ConfigMap gitlab-ca (key gitlab-ca.crt):
# values.yaml
volumes:
- name: gitlab-ca
configMap:
name: gitlab-ca
volumeMounts:
- name: gitlab-ca
mountPath: /etc/ssl/certs/gitlab-ca.crt # subPath: do NOT mount over the whole dir
subPath: gitlab-ca.crt
readOnly: trueDo not mount a volume over the whole
/etc/ssl/certsdirectory — that shadows the bundled public roots and breaks TLS to public providers (GitHub, Bitbucket). Always usesubPath.
Alternatively, on Linux set SSL_CERT_FILE (a single PEM bundle) or SSL_CERT_DIR to a
mounted CA path. These apply to every provider and keep verification enabled. (Go does not
honour SSL_CERT_FILE/SSL_CERT_DIR on macOS — relevant only for local runs, not the
container.)
GitFusion exposes a RESTful API defined using OpenAPI specification. The API includes endpoints for:
- Repository management (listing, getting details)
- Organization operations
- And more as the project evolves
Rather than listing specific endpoints here which may change over time, we recommend referring to the OpenAPI specification at internal/api/oapi.yaml for the most up-to-date and complete API documentation.
We welcome contributions to GitFusion! Please see our Contributing Guide for more information on how to get started. Also, please note that all contributions are governed by our Code of Conduct.
For information about security policies and procedures, please refer to our Security Policy.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.