setup-buildx-action VS gitlab-foss

Good luck running this locally. There's no script code to speak of, just references to external "actions" and parameters (for example, https://github.com/docker/setup-buildx-action).

Some CI platforms are just a simple glue layer (Gitlab CI - which I prefer - is one of them), but in most cases Github CI is not. Maybe it adds to the author frustration?

Set up Docker Buildx: We will use the docker/setup-buildx-action action to set up Docker Buildx.

There’s an amazing docker/bake-action which makes it insanely easy to build all of your containers in the most optimal way. Since we’ve set the group “default” block in the docker-bake.hcl, config is very minimal. One step in your GitHub Action workflow file will build all of your images and will push all of your cache layers, tag all of your containers, and push all your final images. You’ll still have to do things like checkout the code and don’t forget that you’ll want to use the docker/setup-buildx-action since bake is a buildx feature. There’s one quick gotcha for the actual docker/bake-action. We don’t want to push PR builds and we don’t want to pollute the cache with PR builds.

To be clear, that article does NOT provide a solution for avoiding QEMU. I suggested it because it describes "the hard way" to get a single image multi-arch image. The github action crazy-max/ghaction-docker-buildx has been archived and replaced by docker/setup-qemu-action and docker/setup-buildx-action, which it seems like you were already using.

Third step is docker/setup-buildx-action configures buildx, which is a Docker CLI plugin that provides enhanced build capabilities.

We then use the docker/setup-buildx-action action to initialize an environment to build Docker images:

The setup-buildx-action configures Docker Buildx to create a builder instance for running the image build. The following step build-push-action, makes use of that instance to build your Docker image. The build-push-action supports all of the features provided by BuildKit out of the box. In our simple example, we are only specifying the Docker context, but more advanced features like SSH, secrets, and build args are supported.

# Get the repository's code - name: Checkout uses: actions/checkout@v2 # https://github.com/docker/setup-qemu-action - name: Set up QEMU uses: docker/setup-qemu-action@v1 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v1

docker/setup-buildx-action@v1 - we use it to setup the docker builder

* Gitlab EE (enterprise edition) is closed, but Gitlab CE (community edition) is open source (https://gitlab.com/gitlab-org/gitlab-foss/)

* I didn't follow the Gitea drama too closely, but my understanding is that Forgejo was a fork born out of that situation

* I've heard the SourceHut guy is a controversial figure, so avoiding it because of that isn't unreasonable. I will just say that "spite forks" tend not to last very long

Gitlab uses an UrlBlocker class to prevent malicious users from exploiting SSRF via the webhook URL. This class validates the URL and blocks everything which is a local network, but before the 11.5.1 version, they didn't think about an IPv6 format, which maps to IPv4: [0:0:0:0:0:ffff:127.0.0.1]. Replacing the part of 127.0.0.1 to any IP address also worked, and this vulnerability made it possible to send requests to the internal network of a GitLab instance. You can read the issue report here: (https://gitlab.com/gitlab-org/gitlab-foss/-/issues/53242 )[https://gitlab.com/gitlab-org/gitlab-foss/-/issues/53242]

I recommend Auto DevOps and hooking your project up to the Kubernetes cluster. Auto DevOps is a standard CI/CD template that GitLab uses by default when .gitlab-ci.yml is not present. It can automatically package up certain types of applications, including those with a Dockerfile in the root of the repo. If the project is hooked up to a Kubernetes cluster and all the right variables are present, it builds that docker image and then fills in a Helm chart template containing that image and deploys it to the cluster.

Thanks. This was also requested for the UI 7 years ago

https://gitlab.com/gitlab-org/gitlab-foss/-/issues/12776

and then closed with the claim that this was implemented, when in fact, it was not.

Similar to fsync, these are designed to ensure data integrity, but in a test setup, they don't matter. You can read more about these in the Postgres doc on non-durability. and explore some benchmarks from Gitlab here. Interestingly, CircleCI's old Postgres images had these features disabled by default, but the newer ones don't seem to.

Most all of those things are possible with Argo Workflows or Tekton with very great effort. But a sustainable system with all the features built-in.

If you wish to clone a copy of GitLab without proprietary code, you can use the read-only mirror of GitLab located at https://gitlab.com/gitlab-org/gitlab-foss/. However, please do not submit any issues and/or merge requests to that project.

GitLab versions 10.7 and later, allow the HTTP(S) protocol for Git clone or fetch requests done by GitLab Runner from CI/CD jobs, even if you select Only SSH.

it sure does