| 1 |
On Wed, May 27, 2020 at 2:31 PM Matt Turner <mattst88@g.o> wrote: |
| 2 |
|
| 3 |
> On Wed, May 27, 2020 at 1:14 AM Alec Warner <antarus@g.o> wrote: |
| 4 |
> > On Tue, May 26, 2020, 23:08 Michał Górny <mgorny@g.o> wrote: |
| 5 |
> >> |
| 6 |
> >> On Tue, 2020-05-26 at 20:24 -0700, Alec Warner wrote: |
| 7 |
> >> > The TL;DR is that a crack team of infra-folks[0] have been putting |
| 8 |
> together |
| 9 |
> >> > demos of CI services and things like gitlab / gitea / gerrit and so |
| 10 |
> on. |
| 11 |
> >> > |
| 12 |
> >> > Some of these come in combined (e.g. gitlab offers repo hosting, code |
| 13 |
> >> > review / pull reqs, CI services, and deploy services.) Some of these |
| 14 |
> are |
| 15 |
> >> > piecemeal (e.g. gerrit has code review, zuul has CI) and gitea offers |
| 16 |
> >> > repo-hosting but CI is separate (e.g. drone.) |
| 17 |
> >> > |
| 18 |
> >> > On the infra-side, I think we are pretty happy with repo-hosting |
| 19 |
> (gitolite) |
| 20 |
> >> > and repo-serving (gitweb). We are missing a CI piece and a |
| 21 |
> pull-request |
| 22 |
> >> > piece. Most of the users using PRs use either a gitlab or github |
| 23 |
> mirror. |
| 24 |
> >> > |
| 25 |
> >> > I think the value of CI is pretty obvious to me (and I see tons of use |
| 26 |
> >> > cases in Infra.) We could easily build CI into our current repository |
| 27 |
> >> > solution (e.g. gitolite.) However gitolite doesn't really support PRs |
| 28 |
> in a |
| 29 |
> >> > uniform way and so CI is mostly for submitted code; similar to the |
| 30 |
> existing |
| 31 |
> >> > ::gentoo repo CI offered by mgorny. |
| 32 |
> >> > |
| 33 |
> >> > If we build a code review solution (like gitea / gerrit) would people |
| 34 |
> use |
| 35 |
> >> > it? Would you use it if you couldn't merge (because the code review |
| 36 |
> >> > solution can't gpg sign your commits or merges) so a tool like the |
| 37 |
> existing |
| 38 |
> >> > pram tool would be needed to merge? |
| 39 |
> >> > |
| 40 |
> >> |
| 41 |
> >> Does GitLab count? Gerrit is just PITA. I think we had some concerns |
| 42 |
> >> about Gitea, so I'd like to test it before deciding. GitLab OTOH works |
| 43 |
> >> just fine for a lot of projects, and seems the next best thing after |
| 44 |
> >> GitHub |
| 45 |
> > |
| 46 |
> > |
| 47 |
> > Gitlab does count (we deployed and tested an onprem version.) I think |
| 48 |
> there are some major issues with it though. |
| 49 |
> > - Licensing. Gitlab-CE is available, gitlab-EE is not OSS nor OSI |
| 50 |
> approved and many of the features we need are EE only and are not available |
| 51 |
> in CE. |
| 52 |
> |
| 53 |
> It's very surprising to me that CE wouldn't work for our purposes. |
| 54 |
> Debian, GNOME, KDE, XFCE, and FreeDesktop have all switched to GitLab |
| 55 |
> and are using CE. It's hard to believe that Gentoo's usage or |
| 56 |
> requirements would be so different as to make GitLab a non-viable |
| 57 |
> option. |
| 58 |
> |
| 59 |
> What features of EE do you think we need? |
| 60 |
> |
| 61 |
|
| 62 |
I know debian spent considerable effort customizing their gitlab. I've not |
| 63 |
heavily investigated the other deployments. We set up a demo on |
| 64 |
gitlab.gentoo.org already as a test and there are some issues. Many of them |
| 65 |
are related to operations and not to the app itself. |
| 66 |
|
| 67 |
[mirroring] |
| 68 |
- We can't do pull-based git mirroring ( |
| 69 |
https://docs.gitlab.com/ee/user/project/repository/repository_mirroring.html#pulling-from-a-remote-repository-starter |
| 70 |
) |
| 71 |
[Auth] Note that we have keycloak now, so we can perhaps workaround these |
| 72 |
LDAP issues. |
| 73 |
- GItlab doesn't support multiple redundant LDAP servers |
| 74 |
- Gitlab doesn't support LDAP group syncing |
| 75 |
- Gitlab doesn't support syncing admin users from LDAP |
| 76 |
[mgmnt] |
| 77 |
- The gitlab terraform provider is pretty bad; and I struggled to get it |
| 78 |
to control our admin users; did not leave me excited about managing other |
| 79 |
resources (projects, users, hooks, etc.) |
| 80 |
|
| 81 |
The pull-based mirroring is a bit sad, as it would be nice to auto-update |
| 82 |
some forks, but it's not a killer feature. I think our new SSO solution |
| 83 |
could potentially be a fix for the auth subsystems, but more work there |
| 84 |
will be needed. |
| 85 |
|
| 86 |
Another major issue is operating the software. I haven't found anyone to |
| 87 |
*run* gitlab; I'm not eager to do it. Today Gentoo is mostly distributed, |
| 88 |
bugs are in bugzilla, wiki is on mediawiki, code is on gitolite with N |
| 89 |
mirrors, email and lists are separate, etc. In a world where bugs, wiki, |
| 90 |
code, ci, containers, PRs, are all on gitlab and it breaks and we can't fix |
| 91 |
it; it will be bad news for all of those things. If the bugzilla machine |
| 92 |
breaks we lose bugzilla; if gitlab breaks we lose the ability to edit the |
| 93 |
wiki, file bugs, commit, run CI, etc. |
| 94 |
|
| 95 |
-A |
Archives