1 |
On Wed, May 27, 2020 at 2:31 PM Matt Turner <mattst88@g.o> wrote: |
2 |
|
3 |
> On Wed, May 27, 2020 at 1:14 AM Alec Warner <antarus@g.o> wrote: |
4 |
> > On Tue, May 26, 2020, 23:08 Michał Górny <mgorny@g.o> wrote: |
5 |
> >> |
6 |
> >> On Tue, 2020-05-26 at 20:24 -0700, Alec Warner wrote: |
7 |
> >> > The TL;DR is that a crack team of infra-folks[0] have been putting |
8 |
> together |
9 |
> >> > demos of CI services and things like gitlab / gitea / gerrit and so |
10 |
> on. |
11 |
> >> > |
12 |
> >> > Some of these come in combined (e.g. gitlab offers repo hosting, code |
13 |
> >> > review / pull reqs, CI services, and deploy services.) Some of these |
14 |
> are |
15 |
> >> > piecemeal (e.g. gerrit has code review, zuul has CI) and gitea offers |
16 |
> >> > repo-hosting but CI is separate (e.g. drone.) |
17 |
> >> > |
18 |
> >> > On the infra-side, I think we are pretty happy with repo-hosting |
19 |
> (gitolite) |
20 |
> >> > and repo-serving (gitweb). We are missing a CI piece and a |
21 |
> pull-request |
22 |
> >> > piece. Most of the users using PRs use either a gitlab or github |
23 |
> mirror. |
24 |
> >> > |
25 |
> >> > I think the value of CI is pretty obvious to me (and I see tons of use |
26 |
> >> > cases in Infra.) We could easily build CI into our current repository |
27 |
> >> > solution (e.g. gitolite.) However gitolite doesn't really support PRs |
28 |
> in a |
29 |
> >> > uniform way and so CI is mostly for submitted code; similar to the |
30 |
> existing |
31 |
> >> > ::gentoo repo CI offered by mgorny. |
32 |
> >> > |
33 |
> >> > If we build a code review solution (like gitea / gerrit) would people |
34 |
> use |
35 |
> >> > it? Would you use it if you couldn't merge (because the code review |
36 |
> >> > solution can't gpg sign your commits or merges) so a tool like the |
37 |
> existing |
38 |
> >> > pram tool would be needed to merge? |
39 |
> >> > |
40 |
> >> |
41 |
> >> Does GitLab count? Gerrit is just PITA. I think we had some concerns |
42 |
> >> about Gitea, so I'd like to test it before deciding. GitLab OTOH works |
43 |
> >> just fine for a lot of projects, and seems the next best thing after |
44 |
> >> GitHub |
45 |
> > |
46 |
> > |
47 |
> > Gitlab does count (we deployed and tested an onprem version.) I think |
48 |
> there are some major issues with it though. |
49 |
> > - Licensing. Gitlab-CE is available, gitlab-EE is not OSS nor OSI |
50 |
> approved and many of the features we need are EE only and are not available |
51 |
> in CE. |
52 |
> |
53 |
> It's very surprising to me that CE wouldn't work for our purposes. |
54 |
> Debian, GNOME, KDE, XFCE, and FreeDesktop have all switched to GitLab |
55 |
> and are using CE. It's hard to believe that Gentoo's usage or |
56 |
> requirements would be so different as to make GitLab a non-viable |
57 |
> option. |
58 |
> |
59 |
> What features of EE do you think we need? |
60 |
> |
61 |
|
62 |
I know debian spent considerable effort customizing their gitlab. I've not |
63 |
heavily investigated the other deployments. We set up a demo on |
64 |
gitlab.gentoo.org already as a test and there are some issues. Many of them |
65 |
are related to operations and not to the app itself. |
66 |
|
67 |
[mirroring] |
68 |
- We can't do pull-based git mirroring ( |
69 |
https://docs.gitlab.com/ee/user/project/repository/repository_mirroring.html#pulling-from-a-remote-repository-starter |
70 |
) |
71 |
[Auth] Note that we have keycloak now, so we can perhaps workaround these |
72 |
LDAP issues. |
73 |
- GItlab doesn't support multiple redundant LDAP servers |
74 |
- Gitlab doesn't support LDAP group syncing |
75 |
- Gitlab doesn't support syncing admin users from LDAP |
76 |
[mgmnt] |
77 |
- The gitlab terraform provider is pretty bad; and I struggled to get it |
78 |
to control our admin users; did not leave me excited about managing other |
79 |
resources (projects, users, hooks, etc.) |
80 |
|
81 |
The pull-based mirroring is a bit sad, as it would be nice to auto-update |
82 |
some forks, but it's not a killer feature. I think our new SSO solution |
83 |
could potentially be a fix for the auth subsystems, but more work there |
84 |
will be needed. |
85 |
|
86 |
Another major issue is operating the software. I haven't found anyone to |
87 |
*run* gitlab; I'm not eager to do it. Today Gentoo is mostly distributed, |
88 |
bugs are in bugzilla, wiki is on mediawiki, code is on gitolite with N |
89 |
mirrors, email and lists are separate, etc. In a world where bugs, wiki, |
90 |
code, ci, containers, PRs, are all on gitlab and it breaks and we can't fix |
91 |
it; it will be bad news for all of those things. If the bugzilla machine |
92 |
breaks we lose bugzilla; if gitlab breaks we lose the ability to edit the |
93 |
wiki, file bugs, commit, run CI, etc. |
94 |
|
95 |
-A |