Our great sponsors
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Gollum
A simple, Git-powered wiki with a local frontend and support for many kinds of markup and content.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Thanks for your feedback. GitLab team member here.
> We(as in everyone) are in a serious need of a new git server product. Just do git serving, and do it well. Preferably in a way multiple nodes can be run active-active for scaling and reliability. No need for cicd (Jenkins is fine for that, thank you very much).
You can integrate Jenkins into GitLab. https://docs.gitlab.com/ee/integration/jenkins.html Suggest considering a migration to GitLab CI/CD in your migration planning, following the updated documentation: https://docs.gitlab.com/ee/ci/migration/jenkins.html and more automated imports in https://about.gitlab.com/blog/2023/09/26/atlassian-server-en...
> Web hooks sending and receiving. For example launch a merge request webhook(to lambda via aws api gateway, or to Jenkins). Receive a webhook as merge request approval when some Jenkins job finishes.
(FYI) https://docs.gitlab.com/ee/user/project/integrations/webhook... and https://docs.gitlab.com/ee/user/project/integrations/webhook...
You can trigger a pipeline from external webhooks using a trigger token, and execute an action against the GitLab REST API. The example for triggering pipelines in https://docs.gitlab.com/ee/ci/triggers/#trigger-a-pipeline can be expanded into more actions, i.e. using the API to create MR approvals or comments.
For Python, I'd recommend looking into python-gitlab and this tutorial blog post: https://about.gitlab.com/blog/2023/02/01/efficient-devsecops...
> if you create cicd jobs/pipelines there is no way to giving someone an ability to run that pipeline without giving that person ability to push to the repository and submit merge requests. Yes, you can then set it so approval is needed before merge, protecting said pipeline, but why? There has been a ticket on gitlabs own issues page about it for years and it is still not resolved.
Please share the URL :)
When creating a new GitLab project, the default branch is protected by default, and only maintainer roles can push to the default branch. https://docs.gitlab.com/ee/user/project/protected_branches.h...
A developer role can create non-protected Git branches, merge requests, and as such trigger a pipeline from a merge request. You've mentioned approval rules as a safeguard already - CODEOWNERS can be an additional way to ensure that review workflows are followed. https://docs.gitlab.com/ee/user/project/codeowners/
You can also use branch protection rules to allow `No one` for push actions, i.e. any branch that matches the pattern, except for `main` or git tag patterns. https://docs.gitlab.com/ee/user/project/protected_branches.h...
> Gitlab enterprise has no mode of working that let's you have more than one active server at a time so goodbye horizontal scaling.
Suggest reviewing the reference architectures documentation in https://docs.gitlab.com/ee/administration/reference_architec... to decide whether horizontal scaling is needed for your environment.
For distributed environments, suggest looking into Geo: https://docs.gitlab.com/ee/administration/geo/index.html
> You want to scale your cicd worker nodes? They want you to use docker mashine(a deprecated product) instead of writing a Plugin like ec2-fleet for Jenkins.
The current GitLab CI/CD runner architecture involves docker-machine, based on a fork maintained by GitLab. This fork receives security and bug fixes to ensure users and customers can rely on auto-scaling in production. https://gitlab.com/gitlab-org/ci-cd/docker-machine#%EF%B8%8F... Please review the support statement in https://gitlab.com/groups/gitlab-org/-/epics/2502 to learn more for how long the fork remains supported.
The new auto-scaling architecture provides a task scheduler, and so-called fleeting plugins. You can review the architecture blueprint in https://docs.gitlab.com/ee/architecture/blueprints/runner_sc... and follow the documentation in https://docs.gitlab.com/runner/runner_autoscale/
If you prefer a timeline, please follow the Docker Machine Replacement Project Plan in https://gitlab.com/groups/gitlab-org/-/epics/6995 For example, the AWS EC2 Fleeting plugin is available in Beta since GitLab 16.5 and scheduled for 16.7 GA, see the epic https://gitlab.com/groups/gitlab-org/-/epics/8856
When using Kubernetes, you can take advantage of the Kubernetes executor to auto-scale pods. https://docs.gitlab.com/runner/executors/kubernetes.html
To optimize the CI/CD infrastructure next to auto-scaling, these tips might be handy, too: https://docs.gitlab.com/ee/ci/pipelines/pipeline_efficiency....
> into saas.
Next to GitLab self-managed and SaaS, you can also use GitLab Dedicated, where you get access your own isolated cloud instance. https://about.gitlab.com/blog/2023/08/03/building-gitlab-wit...
Using Atlassian cloud products is a business risk. They previously let customers sit for weeks without access to their data [1]. Cloud-hosted products do get early patches for unsecured /setup routes though [2], so there's that.
At this point the decision has been made in our org to firewall their products off the internet and internal networks, and migrate to something else by 2024.
[1] https://hn.algolia.com/?q=atlassian
[2] https://confluence.atlassian.com/security/cve-2023-22515-pri...
For something quick and easy consider https://github.com/gollum/gollum#markups which powers Github Wikis.
Note that multi-user auth is NOT supported out of the box however.
GitLab team member here, thanks for sharing.
> Still not a big fan of how stiff Yaml pipelines feel in Gitlab CI
Maybe the pipeline editor in "Build > Pipeline editor" can help with live linting, or more advanced features such as parent-child pipelines or merge trains.
If you need tips for optimizing the CI/CD pipeline, suggest following these tips in the docs https://docs.gitlab.com/ee/ci/pipelines/pipeline_efficiency.... or a few more tips in my recent talk "Efficient DevSecOps pipelines in cloud-native world", slides from Chemnitz Linux Days 2023 in https://docs.google.com/presentation/d/1_kyGo_cWi5dKyxi3BfYj...
> and that tickets for what seems like a simple feature [1] hang around for years, but it is nice.
Thanks for sharing. (FYI for everyone) The linked issue suggests a Docker cache cleanup script, which might be helpful. https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27332#n... -> https://docs.gitlab.com/runner/executors/docker.html#clear-t...
The search works great. I'm using MkDocs with Material as my personal handbook because of the simplicity -- for example, I usually remember great articles in conversations but always forget their location. Since I started writing my newsletter https://opsindev.news/ including an MkDocs web archive, I can share interesting URLs way faster :) Or let folks discover it by themselves, using the search.
Configuration in https://gitlab.com/dnsmichi/opsindev.news/-/blob/main/mkdocs...
Material for MkDocs also has an insiders build, accessible through sponsorship. https://squidfunk.github.io/mkdocs-material/insiders/ These features add more value to MkDocs -- I initially joined to get GDPR-compliant cookie banners and stayed to support a great project.