Job Details

Enterprise Bitbucket → GitHub Migration with Zero-Downtime CI, LFS & Org-Wide Branch Protection

Sep 26, 2025 - MidLevel

$1,250.00 Fixed

Executive Pain-Point

Your enterprise runs 87 private Bitbucket repositories (mono-repos + Git-LFS firmware binaries) across 3 workspaces. Security mandate requires consolidating onto GitHub Enterprise Cloud before Q4 audit. Previous in-house attempt broke CI pipelines, lost LFS pointers and took 36 h downtime—unacceptable for a 24×7 SaaS platform.

Business Outcomes You Need

  • Zero source-code downtime during cut-over.
  • Full Git history + LFS firmware files intact.
  • Replicated CI/CD (Bitbucket Pipelines → GitHub Actions) with secrets rotation.
  • Org-wide branch protection & compliance evidence for SOC-2.

Technical Scope I Will Deliver

  • Pre-Migration Discovery
    • Inventory repos, branches, tags, branch-models, deployment keys, webhooks, PIPELINES.
    • Export LFS pointer checksums and binary size (≈ 42 GB).
    • Map Bitbucket deployment variables → GitHub Environments.
  • Mirror & Historical Integrity
    • Bare clone --mirror with git-lfs fetch --all into temporary EC2 (10 Gbps).
    • SHA-256 checksum manifest before & after push.
    • GPG-signed tags re-signed under GitHub Enterprise key.
  • CI/CD Re-platforming
    • Automated converter (Python + Jinja2) turns bitbucket-pipelines.yml into GitHub Actions workflows (matrix, caches, OIDC).
    • Rotate AWS keys into OIDC federated role (least-privilege).
    • Parallel builds tested on pull-request events—zero queue increase.
  • Branch Protection & Compliance
    • GraphQL script enforces:
      • Require 2 reviews for main, dismiss stale, require signed commits.
      • Status checks (unit, lint, SCA, SAST) must pass.
    • CSV evidence of every rule applied (audit artifact).
  • Cut-over Strategy (Blue/Green)
    • Read-only Bitbucket repo banner 30 min before final sync.
    • DNS/SSH keys updated via Terraform; webhook URLs switched.
    • Rollback plan: Bitbucket mirror kept 72 h with force-push disabled.
  • Post-Migration Validation
    • Clone-test-build script ran on 5 random repos → build time delta <5 %.
    • LFS binaries checksum-verified; firmware MD5 matches original.
    • Developer onboarding PDF: new clone URLs, token generation, VPN tweak.
  • Enterprise Deliverables
    • Migration runbook (30 pages) + executive summary (2 pages).
    • GitHub Actions YAMLs (ready to use) + OIDC IAM roles Terraform.
    • Evidence package: checksum CSV, branch-protection screenshot, build-time report.
    • LFS integrity SHA-256 manifest signed with GPG.

Why You Need a Mid-Level Specialist

  • Bitbucket & GitHub certified + 50+ enterprise migrations.
  • CI/CD converter scripts are reusable for future repos.
  • 30-day post-migration support included ( Slack shared-channel ).
Version control systems (e.g., Git, Mercurial, SVN)
  • Brazil
  • Proposal: 0
  • Verified
  • Less than a week
Ricardo Costa
Ricardo Costa Inactive
, Brazil
Member since
Aug 5, 2025
Total Job
4
Last seen
2 weeks ago