Migrating from Git Syncing

At a high level, migrating to Protected Apps entails the following:

  • 1-time set up. Protected Apps can be set up on any of the instances you are hosting. Once you’ve set it up once, you can share the same configuration/secrets across all your instances!
  • 1 default branch, 1 repo. Instead of having multiple branches (development, staging, and production), we recommend one main branch. All your instances configured with Protected Apps can be pointing at that branch. Instead of merging from branch to branch to manage and promote changes, Releases can be used to manage what end users see, and how applications get updated.
  • Granular control at the app level. There is no longer a need to use VERSION_CONTROL_LOCKED=true to disable editing on an instance. Instead you can lock down and sync specific apps with Protected Apps, leverage releases, and/or use permissions to manage who (or if anyone) can edit and create apps in a particular instance.

Depending on whether you’ve already set up Protected Apps or not, follow the respective guide below.

Using without Protected Apps

  1. Upgrade to version v2.69.17 or higher.

  2. While end users should not be affected, all editors should be alerted and requested to not make any changes during this migration!

  3. Set up Protected Apps on a single instance, following our Source Control - With Github documentation.

  4. Follow the next section, Using with Protected Apps

Using with Protected Apps

If you have been using Protected Apps and Git Syncing together, as recommend by our previous documentation, a typical Protected Apps and Git Syncing configurations looked like this:

We will reference this diagram as an example, but your configuration may differ.

  1. Upgrade to version v2.69.17 or higher.

  2. End users should not be affected, but all editors should be alerted to not make any changes during this migration.

  3. On all instances, disable Git Syncing.

    1. Set DISABLE_GIT_SYNCING=true, and VERSION_CONTROL_LOCKED=false
    2. Remove Git Syncing configuration repo url and branch name in Advanced Settings:
  1. On all instances, set up Protected Apps:

    1. In all previously “read-only” instances, copy over Protected Apps related ENV vars from the instance that’s already configured to use Protected Apps: GITHUB_APP_ID, GITHUB_APP_INSTALLATION_ID, GITHUB_APP_PRIVATE_KEY
    2. Configure Protected Apps on other instances: https://docs.retool.com/docs/setting-up-protected-applications#configure-the-github-repository. If you are using a “Git Flow” style of development with multiple branches, you now have the option to move to a single branch flow and use Release Management to gate what end-users see! We strongly recommend using 1 branch, typically called main.
  2. In a few minutes, across all instances, apps that are protected will now be marked as such and edits will not be able to made directly to those apps. Releases will continue to pin any apps. If there are apps you do not want to appear in any particular instance anymore, you can manually delete them as you see fit.

  3. You can now archive the git repository associated with Git Syncing.


Did this page help you?