Replace gerrit-github-sync with newer gitsync container.
diff --git a/gitsync/Dockerfile b/gitsync/Dockerfile
new file mode 100644
index 0000000..dc9a386
--- /dev/null
+++ b/gitsync/Dockerfile
@@ -0,0 +1,37 @@
+FROM ubuntu:latest
+
+# https://cloud.google.com/sdk/docs/quickstart-debian-ubuntu
+RUN apt-get update \
+ && apt-get install -y \
+ curl \
+ git \
+ lsb-release \
+ openssh-client \
+ && export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" \
+ && echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
+ && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
+ && apt-get update \
+ && apt-get install -y google-cloud-sdk \
+ && gcloud config set core/disable_usage_reporting true \
+ && gcloud config set component_manager/disable_update_check true \
+ && gcloud --version \
+ && rm -rf /var/lib/apt/lists/*
+
+# TODO(philwo) is this still needed?
+# RUN (cd /usr/share/ca-certificates && find . -type f -name '*.crt' \
+# | sed -e 's|^\./||') > /etc/ca-certificates.conf \
+# && update-ca-certificates
+
+RUN useradd --create-home --user-group --shell /bin/bash gitsync
+
+RUN mkdir -p /home/gitsync/.ssh
+COPY ssh_config /home/gitsync/.ssh/config
+COPY known_hosts /home/gitsync/.ssh/known_hosts
+COPY gitsync.sh /home/gitsync/gitsync.sh
+RUN chown -R gitsync:gitsync /home/gitsync
+
+USER gitsync
+RUN git config --global http.cookiefile /home/gitsync/.gitcookies
+
+WORKDIR /home/gitsync
+ENTRYPOINT [ "/home/gitsync/gitsync.sh" ]
diff --git a/gitsync/README.md b/gitsync/README.md
new file mode 100644
index 0000000..4d3aa87
--- /dev/null
+++ b/gitsync/README.md
@@ -0,0 +1,23 @@
+# Building the Docker container
+
+```
+$ docker build -t gcr.io/bazel-public/gitsync .
+$ docker push gcr.io/bazel-public/gitsync
+```
+
+# Starting the VM that hosts the Docker container
+
+```
+$ gcloud beta compute instances create-with-container \
+ --boot-disk-size 200GB \
+ --container-image gcr.io/bazel-public/gitsync:latest \
+ --machine-type n1-standard-1 \
+ --network buildkite \
+ --zone europe-west1-d \
+ --image-project cos-cloud \
+ --image-family cos-stable \
+ --metadata cos-metrics-enabled=true \
+ --scopes cloud-platform \
+ --service-account gitsync@bazel-public.iam.gserviceaccount.com \
+ gitsync
+```
diff --git a/gitsync/gitsync.sh b/gitsync/gitsync.sh
new file mode 100755
index 0000000..ddb8281
--- /dev/null
+++ b/gitsync/gitsync.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+#
+# Copyright 2015 The Bazel Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Scripts to configure the service that will poll git repositories for
+# in sync check.
+
+# Format of each entry is:
+# origin destination local-name bidirectional branch1 ... branchN
+REPOSITORIES=(
+ "https://bazel.googlesource.com/bazel git@github.com:bazelbuild/bazel.git bazel false master"
+ "https://bazel.googlesource.com/tulsi git@github.com:bazelbuild/tulsi.git tulsi false master"
+ "https://bazel.googlesource.com/continuous-integration git@github.com:bazelbuild/continuous-integration.git continuous-integration true master"
+ "https://bazel.googlesource.com/eclipse git@github.com:bazelbuild/eclipse.git eclipse true master"
+ "https://bazel.googlesource.com/bazel-toolchains git@github.com:bazelbuild/bazel-toolchains.git bazel-toolchains true master"
+)
+
+set -euxo pipefail
+
+# Download & decrypt gitcookies.
+gsutil cat "gs://bazel-encrypted-secrets/gitsync-cookies.enc" | \
+ gcloud kms decrypt --location "global" --keyring "buildkite" --key "gitsync-cookies-key" --plaintext-file "-" --ciphertext-file "-" \
+ > /home/gitsync/.gitcookies
+chmod 0600 /home/gitsync/.gitcookies
+
+# Download & decrypt GitHub SSH key.
+gsutil cat "gs://bazel-encrypted-secrets/gitsync-ssh.enc" | \
+ gcloud kms decrypt --location "global" --keyring "buildkite" --key "gitsync-ssh-key" --plaintext-file "-" --ciphertext-file "-" \
+ > /home/gitsync/.ssh/id_rsa
+chmod 0600 /home/gitsync/.ssh/id_rsa
+
+function clone() {
+ git clone "$1" "$3"
+ pushd "$3"
+ git remote add destination "$2"
+ popd
+}
+
+function sync_branch() {
+ echo "sync_branch $*"
+ local branch="$1"
+ local bidirectional="$2"
+ git checkout "origin/${branch}" -B "${branch}" || {
+ echo "Failed to checkout ${branch}, aborting sync..."
+ return 1
+ }
+
+ echo "Origin branch is $(git rev-parse origin/master), destination is $(git rev-parse destination/master)"
+ if $bidirectional; then
+ git rebase "destination/${branch}" || {
+ echo "Failed to rebase ${branch} from destination, aborting sync..."
+ git rebase --abort &>/dev/null || true
+ return 1
+ }
+ git push -f origin "${branch}" || {
+ echo "Failed to force pushed to origin, aborting sync..."
+ return 1
+ }
+ fi
+
+ echo "New head for destination is $(git rev-parse HEAD)"
+ git push destination "${branch}" || {
+ echo "Failed to push to destination..."
+ return 1
+ }
+}
+
+function sync() {
+ echo "sync $*"
+ local bidirectional="$4"
+ pushd "$3"
+ shift 4
+ git fetch origin
+ git fetch destination
+ for branch in "$@"; do
+ sync_branch "${branch}" "${bidirectional}" || true
+ done
+ popd
+}
+
+# Get a local clone
+for i in "${REPOSITORIES[@]}"; do
+ clone $i
+done
+
+# Sync loop
+while true; do
+ for i in "${REPOSITORIES[@]}"; do
+ sync $i
+ done
+ # Sleep 30 seconds between each sync
+ sleep 30
+done
diff --git a/gitsync/known_hosts b/gitsync/known_hosts
new file mode 100644
index 0000000..31cdb7d
--- /dev/null
+++ b/gitsync/known_hosts
@@ -0,0 +1 @@
+github.com,192.30.253.112,192.30.253.113 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
diff --git a/gitsync/ssh_config b/gitsync/ssh_config
new file mode 100644
index 0000000..4db8851
--- /dev/null
+++ b/gitsync/ssh_config
@@ -0,0 +1,5 @@
+Host github.com
+ Hostname github.com
+ User git
+ IdentityFile /home/gitsync/.ssh/id_rsa
+ IdentitiesOnly yes
