pagopa · MarBert · May 27, 2026 · May 28, 2026 · May 28, 2026 · May 28, 2026
diff --git a/.github/workflows/push_on_public_repo.yml b/.github/workflows/push_on_public_repo.yml
@@ -1,11 +1,79 @@
-name: Push documentation on public repository
+name: Push documentation on target repository
 
 on:
   workflow_dispatch:
+    inputs:
+      base_branch:
+        description: 'Private repository branch from which to checkout'
+        required: true
+        default: 'docs/from-gitbook'
+        type: string
+      target_branch:
+        description: 'Target repository branch from which to checkout'
+        required: true
+        default: 'main'
+        type: string
+      target_repository:
+        description: 'Name of the target repository to push to (owner/repo format)'
+        required: true
+        default: 'pagopa/developer-portal-docs'
+        type: string
+      commit_message:
+        description: 'Custom commit message'
+        required: false
+        default: 'Update documentation'
+        type: string
+      paths_to_add:
+        description: 'Comma-separated list of paths to add'
+        required: false
+        default: ''
+        type: string
+      paths_to_remove:
+        description: 'Comma-separated list of paths to remove'
+        required: false
+        default: ''
+        type: string
 
 jobs:
   push-to-target:
     runs-on: ubuntu-latest
     steps:
-      - name: Placeholder
-        run: echo "No sync steps implemented yet."
+      - name: Checkout private repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.base_branch }}
+          path: private_repo
+
+      - name: Checkout target repository
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.target_branch }}
+          repository: ${{ inputs.target_repository }}
+          token: ${{ secrets.PAT }}
+          path: target_repo
+
+      - name: Sync Repositories content
+        env:
+          PATHS_TO_ADD: ${{ inputs.paths_to_add }}
+          PATHS_TO_REMOVE: ${{ inputs.paths_to_remove }}
+        run: |
+          chmod +x private_repo/scripts/sync_repo.sh
+          ./private_repo/scripts/sync_repo.sh
+
+      - name: Push commit to target repo
+        env:
+          COMMIT_MESSAGE: ${{ inputs.commit_message }}
+          TARGET_BRANCH: ${{ inputs.target_branch }}
+          GH_USER_NAME: ${{ vars.GH_USER_NAME }}
+          GH_USER_MAIL: ${{ vars.GH_USER_MAIL }}
+        run: |
+          cd target_repo
+          git config user.name "$GH_USER_NAME"
+          git config user.email "$GH_USER_MAIL"
+          git add -A
+          if git diff-index --quiet HEAD; then
+            echo "No updates to commit"
+          else
+            git commit -m "$COMMIT_MESSAGE"
+            git push origin "$TARGET_BRANCH"
+          fi
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.idea/*
diff --git a/scripts/sync_repo.sh b/scripts/sync_repo.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -e
+
+PATHS_TO_ADD="${1:-$PATHS_TO_ADD}"
+PATHS_TO_REMOVE="${2:-$PATHS_TO_REMOVE}"
+
+validate_path() {
+    local p="$1"
+    if [[ "$p" == *".."* ]] || [[ "$p" == *"~"* ]] || [[ "$p" == *"//"* ]] || [[ "$p" == /* ]]; then
+        echo "   [ERROR] Security violation. Unsafe path detected: '$p'."
+        echo "   Paths cannot contain '..', '~', '//', or start with '/'."
+        exit 1
+    fi
+}
+
+IFS=',' read -r -a add_array <<< "$PATHS_TO_ADD"
+IFS=',' read -r -a remove_array <<< "$PATHS_TO_REMOVE"
+
+echo "=== Processing paths to ADD ==="
+for path in "${add_array[@]}"; do
+    path=$(echo "$path" | xargs)
+    if [[ -z "$path" ]]; then continue; fi
+    validate_path "$path"
+
+    path="${path#./}"
+    path="${path#/}"
+
+    if [[ "$path" == "docs" || "$path" == "docs/" ]]; then
+        path="docs"
+    elif [[ "$path" != docs/* ]]; then
+        path="docs/$path"
+    fi
+
+    # Path in target_repo has no docs/ prefix
+    if [[ "$path" == "docs" ]]; then
+        target_path="."
+    else
+        target_path="${path#docs/}"
+    fi
+
+    echo "-> Handling path: $path (target_repo: $target_path)"
+
+    if [[ -e "target_repo/$target_path" ]]; then
+        echo "   Found in target_repo. Deleting..."
+        rm -rf "target_repo/$target_path"
+    fi
+
+    if [[ -e "private_repo/$path" ]]; then
+        echo "   Found in private_repo. Copying..."
+        mkdir -p "target_repo/$(dirname "$target_path")"
+        cp -r "private_repo/$path" "target_repo/$target_path"
+    else
+        echo "   Warning: Path '$path' does not exist in private_repo."
+    fi
+done
+
+echo ""
+echo "=== Processing paths to REMOVE ==="
+for path in "${remove_array[@]}"; do
+    path=$(echo "$path" | xargs)
+    if [[ -z "$path" ]]; then continue; fi
+    validate_path "$path"
+
+    path="${path#./}"
+    path="${path#/}"
+
+    if [[ "$path" == "docs" || "$path" == "docs/" ]]; then
+        path="docs"
+    elif [[ "$path" != docs/* ]]; then
+        path="docs/$path"
+    fi
+
+    if [[ "$path" == "docs" ]]; then
+        target_path="."
+    else
+        target_path="${path#docs/}"
+    fi
+
+    echo "-> Handling path: $path (target_repo: $target_path)"
+    if [[ -e "target_repo/$target_path" ]]; then
+        echo "   Deleting $target_path from target_repo..."
+        rm -rf "target_repo/$target_path"
+    else
+        echo "   Path '$target_path' is not present in target_repo (nothing to do)."
+    fi
+done
+
+echo ""
+echo "=== Operation Completed ==="