iCredible Git Security is an enterprise-level solution for secure repository backup and restore, featuring robust encryption and compression standards.

To use this action, you must meet the following requirements.

(Required)

You must store the necessary sensitive data in your repository's Settings > Secrets > Actions section.

• ICREDIBLE_ACTIVATION_CODE: The activation code provided by your API service.
• ICREDIBLE_ENCRYPTION_PASSWORD: A secure password of at least 8 characters that must include: uppercase letter, lowercase letter, digit, and special character (!@#$%^&*(),.?":{}|<>). Recommended: use at least 32 characters.

(Optional)

This is required if you want to restore the .github/workflows directory in your repository. If this token is not provided, the relevant directory within the backup file will be deleted during restore. Since this information is stored in iCredible File Security, you can restore the .github/workflows directory at any time.

• ICREDIBLE_REPOSITORY_RESTORE_TOKEN: A Personal Access Token (PAT) with repo and workflow permissions.
• Usage: Used only during the restore operation to also recover workflow files.

(Required)

• For backup: Create a file named icredible-git-sec-backup.yml.
• For restore: Create a file named icredible-git-sec-restore.yml.

• 🔒 AES-256-GCM encryption with PBKDF2 key derivation
• ⚡ Zstandard (ZSTD) compression at level 10
• 🔐 OTP-based authentication for restore operations
• 📦 Complete repository mirroring with workflow management
• 🔄 Seamless integration with GitHub Actions

• AES-256-GCM Encryption: Industry-standard encryption using AES-256-GCM cipher with PBKDF2 key derivation.
• Zstandard: Real-time compression algorithm providing high compression ratios at level 10.
• Encryption Process: The password is first hashed using SHA-256, and the resulting hash value is used as the encryption key to securely encrypt the compressed backup file.

• OTP Verification: Dual authentication method (email or authenticator app).
• Secrets Management: Secure handling of sensitive data through GitHub Secrets.
• Encrypted Backups: All backups are encrypted before transmission and storage.
• PBKDF2 Key Derivation: Secure key derivation with 600,000 iterations for enhanced security.

CRITICAL: To ensure successful restoration of your backups, it is strongly recommended to use the exact same version of iCredible Git Security Action for both backup and restore operations.

Different versions may utilize:

• Varying encryption algorithms and parameters (AES-256-GCM with different configurations, alternative algorithms)
• Different compression technologies (ZSTD levels, alternative compressors)
• Modified archive formats and directory structures
• Updated security protocols and key derivation functions
• Changed metadata handling and verification mechanisms

• Go to Settings > Secrets > Actions in your repository
• Create a new secret named ICREDIBLE_ACTIVATION_CODE
• Paste the activation code provided by our iCredible File Security service (https://staging.management.file-security.icredible.com/dashboard/activation-codes?tab=activation-codes)

• Create a new secret named ICREDIBLE_ENCRYPTION_PASSWORD
• Use a strong password of at least 8 characters including:
  • Uppercase letter (A-Z)
  • Lowercase letter (a-z)
  • Digit (0-9)
  • Special character (!@#$%^&*(),.?":{}|<>)

Create a file at .github/workflows/icredible-git-sec-backup.yml and paste in the block below:

name: 'iCredible Repository Backup Process'
permissions:
  contents: read

on:
  push:

jobs:
  secure_and_archive_repo:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: 'iCredible Git Sec | Backup'
        uses: icredibletech/git-security@latest
        with:
          icredible_activation_code: ${{ secrets.ICREDIBLE_ACTIVATION_CODE }}
          icredible_encryption_password: ${{ secrets.ICREDIBLE_ENCRYPTION_PASSWORD }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          action: 'backup'

⚠️ Note The restore function will overwrite all history. We recommend creating a new repository to perform the restore operation in order to preserve your current history.

Create a file at .github/workflows/icredible-git-sec-restore.yml and paste in the block below:

name: 'iCredible Repository Restore Process'
permissions:
  contents: write

on:
  workflow_dispatch:
    inputs:
      file_version_id:
        description: 'The version ID of the file you want to restore.'
        required: true
      otp_delivery_method:
        description: "Specifies the delivery method for the OTP required to authorize a restore operation. Valid options are 'MAIL' or 'AUTHENTICATOR'."
        required: true

jobs:
  restore_from_archive:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: 'iCredible Git Sec | Restore'
        uses: icredibletech/git-security@latest
        with:
          icredible_activation_code: ${{ secrets.ICREDIBLE_ACTIVATION_CODE }}
          icredible_encryption_password: ${{ secrets.ICREDIBLE_ENCRYPTION_PASSWORD }}
          file_version_id: ${{ github.event.inputs.FILE_VERSION_ID }}
          otp_delivery_method: ${{ github.event.inputs.OTP_DELIVERY_METHOD }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          suspend_actions: 'true'
          action: 'restore'

1. Log in to your GitHub account
2. Click on your profile picture in the top-right corner
3. Navigate to: Settings → Developer Settings → Personal Access Tokens → Tokens (classic)
4. Click Generate new token then Generate new token (classic)

Set these required permissions:

Note: 'iCredible-Git-Security-Restore-Token' # Example name
Expiration: 30 days # Recommended duration
Permissions:
  - repo # Select ALL repository permissions
  - workflow # Required for workflow restore

1. In your repository, go to: Settings → Secrets → Actions
2. Click New repository secret
3. Enter details:

Name: ICREDIBLE_REPOSITORY_RESTORE_TOKEN  # This will be used in workflow
Secret: [Paste your generated token here]

Add this to your restore workflow under “with:” (.github/workflows/icredible-git-sec-restore.yml):

icredible_repository_restore_token: ${{ secrets.ICREDIBLE_REPOSITORY_RESTORE_TOKEN }}

Optional

To ensure the restore process runs without interference from other automated workflows in your repository, this action includes a safety feature to temporarily suspend all GitHub Actions.

This is highly recommended for repositories with active CI/CD pipelines or other automations.

• Before Restore: The action saves your repository's current workflow settings.
• Suspend: It then temporarily disables GitHub Actions for the entire repository.
• After Restore: Once the restore is complete (or if it fails), the action automatically restores the original workflow settings, re-enabling them.

You can control this feature using the suspend_actions input in your restore workflow file.

• suspend_actions: 'true' (Default): Activates the safety feature. Workflows will be suspended during the operation.
• suspend_actions: 'false': Deactivates the feature. Workflows will remain active, which is not recommended unless you are sure no other actions will interfere.