Deop partnered with Globys to successfully migrate their entire code base and pipelines from GitLab to GitHub. The core of the engagement was to solve the critical challenge of replicating GitLab's group and repository hierarchy within the more open GitHub architecture while simultaneously establishing robust, organization-wide security and governance standards. By implementing a combination of custom properties, repository topics, and the Safe Settings solution, Deop ensured a seamless migration with centralized control, improved code hygiene, and enhanced security posture, allowing Globys to maintain structure across hundreds of repositories.
Seamless GitLab to GitHub Migration Without Disrupting Developer Experience: Globys faced a critical challenge: migrating hundreds of GitLab repositories to GitHub while maintaining a consistent, high-quality developer experience. The goal was to transition all source code and CI/CD pipelines to GitHub Actions with zero downtime or workflow disruption.
At the same time, it was essential to strengthen security controls, enable Copilot for enhanced productivity, and ensure Canadian data compliance throughout the migration. Achieving this required expert DevOps consulting and a carefully orchestrated migration strategy tailored for Canadian enterprises.
Governance at Scale: The migration required applying a consistent set of branch protection and other settings to hundreds of repositories in bulk. Manual configuration was infeasible for the scope of the project.
Deop developed and executed a comprehensive strategy focused on establishing strong governance and organizational clarity within the new GitHub environment.
Replicated the required organizational structure and enabled targeted security configuration for specific repository groups.
Ensured a stable and efficient transfer of code and history while managing large file limitations.
Established mandatory security guardrails and centralized repository configuration across the entire organization.
The Safe Settings implementation was configured at multiple levels to balance organization-wide policy with granular repository needs:
Organization-Wide: Settings applied to all repositories were defined in the .github/settings.yml file, requiring caution due to their wide scope.
Suborgs (Group-Based): Custom configurations were defined for groups of repositories (suborgs), created using wildcards (e.g., globys-*), team-based permissions, or Custom Properties (e.g., repositories with client=ABC).
Per-Repository: Individual settings were placed in a <reponame.yml> file under the .github/repos folder for granular, repository-specific management.
Scope Control: A deployment-settings.yml file was created to restrict which repositories the Safe Settings application could manage via the restrictedRepos configuration.
Centralizing configurations via the Safe Settings files eliminated the need for manual per-repository updates.
Automated features like Dependabot and Safe Settings handle repetitive tasks, allowing developers to focus on feature delivery rather than manual governance or cleanup.
By enabling secret scanning push protection, Globys now stops a major security risk before it can happen.
The implementation of Safe Settings ensures uniform, automated branch protection and security controls across hundreds of repositories,
"Moving our code base to GitHub was a massive undertaking, but Deop's expertise made the process seamless. The biggest win for us was the implementation of the Safe Settings solution. We were worried about losing the fine-grained hierarchy we had in GitLab, but the use of Custom Properties and Topics gave us the structure we needed while maintaining the velocity and developer experience of GitHub. The immediate enforcement of critical security features, like preventing secrets from being pushed in the first place, has given our leadership team complete confidence in our new environment."
- Head of Engineering
