To migrate repositories from Azure DevOps to GitHub, you need sufficient access to the source (an organization on Azure DevOps) and the destination (an organization on GitHub). After you complete the steps in this article, your access and permissions will ready for your migration.
Decide who will perform the migration
If the person who will perform the migration is not a GitHub organization owner, a GitHub organization owner must first grant them the migrator role.
- If you're a GitHub organization owner, and intend to perform the migration yourself, you can continue reading this guide.
- If you wish to assign the migrator role to someone else, do that now. Then, the migrator should perform the rest of the steps in these guides. See 授予迁移者角色.
Create a personal access token (classic) on GitHub
Next, you will need to create a personal access token (classic) which the ADO2GH extension of the GitHub CLI will use to communicate with GitHub. GitHub personal access token (classic) 所需的范围取决于你的角色和要完成的任务。
注意
只能使用 personal access token (classic),而不能使用 fine-grained personal access token。这意味着,如果贵组织使用“限制 personal access tokens (classic) 访问组织”策略,则你无法使用 GitHub Enterprise Importer。 有关详细信息,请参阅“在企业中强制实施个人访问令牌策略”。
| 任务 | 组织所有者 | 迁移者 |
|---|---|---|
| 为存储库迁移分配迁移者角色 | admin:org | |
| 运行存储库迁移(目标组织) | repo, admin:org, workflow | repo, read:org, workflow |
| 下载迁移日志 | repo, admin:org, workflow | repo, read:org, workflow |
| 回收模型 | admin:org |
To learn how to create the token, see 管理个人访问令牌.
Create a Personal access token on Azure
Your Azure DevOps personal access token must have work item (read), code (read), and identity (read) scopes.
We recommend that you grant full access to your personal access token so you can use the inventory-report flag in phase 4.
If you want to migrate from multiple organizations, allow the personal access token to access all accessible organizations.
See Use personal access tokens in Microsoft Docs.
Configure IP allow lists on GitHub
If you use GitHub's IP allow list feature, you must add the GitHub IP ranges below to the allow list for the source and/or destination organizations.
If your destination organization is on GitHub.com, you will need to allow the following IP addresses:
- 192.30.252.0/22
- 185.199.108.0/22
- 140.82.112.0/20
- 143.55.64.0/20
- 135.234.59.224/28 (2025 年 7 月 28 日添加)
- 2a0a:a440::/29
- 2606:50c0::/32
- 20.99.172.64/28(2025 年 7 月 28 日添加)
See 管理组织允许的 IP 地址 and 使用 IP 允许列表限制企业网络的流入流量.
Temporarily configure your identity provider's (IdP) restrictions
If you use your IdP's IP allow list (such as Azure CAP) to restrict access to your enterprise on GitHub, you should disable these restrictions in your enterprise account settings until after your migration is complete.
Allow migrations to bypass repository rulesets
如果目标组织或企业启用了规则集,则迁移的存储库历史记录可能会违反这些规则。 要在不禁用规则集的情况下允许迁移,请将“存储库迁移”添加到每个适用规则集的绕过列表中。 此绕过仅在迁移期间适用。 完成后,将对所有新贡献强制实施规则集。
若要配置旁路,请执行以下配置:
- 导航到每个企业或组织规则集。
- 在“绕过列表”部分中,单击“ 添加绕过”。
- 选择 存储库迁移。
有关详细信息,请参阅“创建组织中存储库的规则集”。