9:59:59.000,9:59:59.000
Ok, welcome back to the second session[br]of the day.

9:59:59.000,9:59:59.000
It's going to be Alexander Wirt talking[br]about salsa.debian.org.

9:59:59.000,9:59:59.000
[Applause]

9:59:59.000,9:59:59.000
Thank you, good morning.

9:59:59.000,9:59:59.000
I usually don't give talks in english,[br]so please be nice to me.

9:59:59.000,9:59:59.000
However, I'm here.

9:59:59.000,9:59:59.000
I want to talk today about our journey[br]for Alioth

9:59:59.000,9:59:59.000
which is still running, but not for long[br]anymore,

9:59:59.000,9:59:59.000
to our new service, salsa.

9:59:59.000,9:59:59.000
I want to get a little bit into the history[br]of old things

9:59:59.000,9:59:59.000
and what we have already achieved,[br]what we still need to achieve

9:59:59.000,9:59:59.000
and what are our plans for the future.

9:59:59.000,9:59:59.000
Let's start with the basic things,[br]who am I.

9:59:59.000,9:59:59.000
I am the guy who rejects the mails[br]on lists.debian.org,

9:59:59.000,9:59:59.000
I am a listmaster.

9:59:59.000,9:59:59.000
I am the guy that rejects your backports.

9:59:59.000,9:59:59.000
I am the backports ftp master.

9:59:59.000,9:59:59.000
And I am the guy that will destroy[br]alioth.debian.org.

9:59:59.000,9:59:59.000
For the last ten years

9:59:59.000,9:59:59.000
[Applause]

9:59:59.000,9:59:59.000
I was an admin by accident of[br]alioth.debian.org.

9:59:59.000,9:59:59.000
This is another story I will tell you[br]in a few minutes.

9:59:59.000,9:59:59.000
Beside from that, I work as an OpenSource[br]consultant at credativ,

9:59:59.000,9:59:59.000
which is a small company in Germany[br]which is specialized in OpenSource,

9:59:59.000,9:59:59.000
we only do OpenSource consulting[br]in Germany.

9:59:59.000,9:59:59.000
We do what today is called DevOps,[br]we do every kind of consulting.

9:59:59.000,9:59:59.000
If you do something with OpenSource,[br]we are probably the ones you can talk with.

9:59:59.000,9:59:59.000
I am a father of two wonderful girls,

9:59:59.000,9:59:59.000
they're not here unfortunately,

9:59:59.000,9:59:59.000
but otherwise I wouldn't be able[br]to work.

9:59:59.000,9:59:59.000
And in my little bit spare time, I do[br]role playing games and Tabletop games.

9:59:59.000,9:59:59.000
In theory there should be a picture now.

9:59:59.000,9:59:59.000
There's a picture missing,[br]I don't know why,

9:59:59.000,9:59:59.000
which should tell "We need you".

9:59:59.000,9:59:59.000
A little bit of advertisement, if you[br]want to do OpenSource work in Germany,

9:59:59.000,9:59:59.000
paid,

9:59:59.000,9:59:59.000
and you need a job, please talk to me.

9:59:59.000,9:59:59.000
We are always looking for good people,[br]especially in C development,

9:59:59.000,9:59:59.000
kernel development, but also of course[br]consulting.

9:59:59.000,9:59:59.000
So please talk to me.

9:59:59.000,9:59:59.000
Some steps in history.

9:59:59.000,9:59:59.000
Some years ago, ???[br]2008, 2009,

9:59:59.000,9:59:59.000
I told the alioth channel

9:59:59.000,9:59:59.000
"Hey, if you need help, I can help with[br]system administration,

9:59:59.000,9:59:59.000
not the GForge stuff which is running[br]above,

9:59:59.000,9:59:59.000
but if you need help, tell me."

9:59:59.000,9:59:59.000
[Audience] Big mistake

9:59:59.000,9:59:59.000
Yeah.

9:59:59.000,9:59:59.000
One or two years went by,[br]and step by step

9:59:59.000,9:59:59.000
all alioth admins left.

9:59:59.000,9:59:59.000
We were alone in the channel.

9:59:59.000,9:59:59.000
And around that time, I detected

9:59:59.000,9:59:59.000
"Hey, I have sudo permissions[br]and I'm admin"

9:59:59.000,9:59:59.000
Somebody made me an admin.

9:59:59.000,9:59:59.000
So, I had to decide that I will be[br]the person that is the future alioth admin

9:59:59.000,9:59:59.000
and I stepped in.

9:59:59.000,9:59:59.000
So it was the beginning of our alioth[br]journey.

9:59:59.000,9:59:59.000
Then, in DebConf15, we had a long[br]'Birds of a Feather'

9:59:59.000,9:59:59.000
where we talked about several security[br]problems in collab-maint,

9:59:59.000,9:59:59.000
some of you are maybe not aware of it,

9:59:59.000,9:59:59.000
but since we use git at filesystem level[br]on alioth,

9:59:59.000,9:59:59.000
we are introducing a number of interesting[br]security problems

9:59:59.000,9:59:59.000
like if someone writes a hook, that hook[br]gets executed every time someone pushes.

9:59:59.000,9:59:59.000
So you have basically shell access.

9:59:59.000,9:59:59.000
And of course you execute it as[br]your own uid.

9:59:59.000,9:59:59.000
So, if some DM (Debian Maintainer) or even[br]not DM, nearly the whole world

9:59:59.000,9:59:59.000
has write access to collab-maint,

9:59:59.000,9:59:59.000
drops some hooks in,

9:59:59.000,9:59:59.000
it can make you execute code on Alioth[br]at your uid, which is a problem.

9:59:59.000,9:59:59.000
We did some things to solve that problem,[br]but the main problem remained.

9:59:59.000,9:59:59.000
So, along that time, we decided that we[br]would need a successor for git.debian.org.

9:59:59.000,9:59:59.000
At that point, we are talking about gitolite

9:59:59.000,9:59:59.000
which we evaluated at that time.

9:59:59.000,9:59:59.000
However, as ???

9:59:59.000,9:59:59.000
Two years went into the land and[br]nothing real happened,

9:59:59.000,9:59:59.000
we just played with it.

9:59:59.000,9:59:59.000
Then, May 2017, a thread comes up,[br]"Moving away from fusionforge".

9:59:59.000,9:59:59.000
What nobody was really aware of, is that[br]alioth is on a Wheezy machine

9:59:59.000,9:59:59.000
and Wheezy is ??? out of security[br]support end of the month.

9:59:59.000,9:59:59.000
So time was running up.

9:59:59.000,9:59:59.000
The thread was long as usual on[br]debian-devel and

9:59:59.000,9:59:59.000
we decided to do a few steps, like[br]evaluating things

9:59:59.000,9:59:59.000
and in June 2017, I did a survey about[br]our new alioth services.

9:59:59.000,9:59:59.000
It was clear at that point that I wouldn't[br]be able to maintain all the things

9:59:59.000,9:59:59.000
alioth had in the future

9:59:59.000,9:59:59.000
so we decided to just bring over[br]the important things.

9:59:59.000,9:59:59.000
What is important? For everyone,[br]everything else is important

9:59:59.000,9:59:59.000
so I decided to do a survey which was[br]pretty successful

9:59:59.000,9:59:59.000
with a few hundreds submissions.

9:59:59.000,9:59:59.000
Then, in…

9:59:59.000,9:59:59.000
Then we evaluated… "we" as probably "me",

9:59:59.000,9:59:59.000
evaluated a few solutions, named pagure,[br]which is the git solution Fedora is using,

9:59:59.000,9:59:59.000
which is a Python thing based on gitolite,

9:59:59.000,9:59:59.000
gitlab, which is the biggest Github[br]competitor

9:59:59.000,9:59:59.000
gogs/gitea, which is some golang-based[br]small git service.

9:59:59.000,9:59:59.000
pagure turned out to be not stable enough[br]for our needs

9:59:59.000,9:59:59.000
and we would have to do to much coding[br]inside pagure to use it in our infrastructure

9:59:59.000,9:59:59.000
because pagure is very strongly ???[br]with the Fedora infrastructure,

9:59:59.000,9:59:59.000
specially its user authentication and[br]user management stuff.

9:59:59.000,9:59:59.000
Gitlab had an other problem called[br]"opencore" and

9:59:59.000,9:59:59.000
"contributor license agreement"[br]which means

9:59:59.000,9:59:59.000
I and others were not very happy with[br]contributing code to Gitlab

9:59:59.000,9:59:59.000
which is something that will always[br]happen if you maintain such a service.

9:59:59.000,9:59:59.000
And gogs and gitea is nice but it's small

9:59:59.000,9:59:59.000
It will not be able to manage 10,000s[br]of repositories.

9:59:59.000,9:59:59.000
Next step happened in August 2017 when[br]we had a sprint here in Hamburg

9:59:59.000,9:59:59.000
at the hackerlab CCC on the other side[br]of the building,

9:59:59.000,9:59:59.000
where we talked about it.

9:59:59.000,9:59:59.000
After long discussions, we decided to go[br]with Gitlab

9:59:59.000,9:59:59.000
because Gitlab, at that point, was[br]the best solution that was already ready.

9:59:59.000,9:59:59.000
We didn't have to adapt too much, we don't[br]need to patch it

9:59:59.000,9:59:59.000
which turned out it isn't true, but it's[br]an other problem

9:59:59.000,9:59:59.000
It had features like continuous integration[br]ready,

9:59:59.000,9:59:59.000
it had features like code review ready,[br]wiki pretty good working

9:59:59.000,9:59:59.000
and ??? very scalable[br]in all directions

9:59:59.000,9:59:59.000
Every component is scalable which is[br]good for us.

9:59:59.000,9:59:59.000
This is a TODO point, I wanted to add[br]an image about the restaurant

9:59:59.000,9:59:59.000
where we decided on the name "salsa".

9:59:59.000,9:59:59.000
Somebody of you may ask yourself where[br]the name is coming from.

9:59:59.000,9:59:59.000
There's a small mexican restaurant[br]a few hundred meters from here

9:59:59.000,9:59:59.000
where you can get great burritos and[br]they have a painting at the back

9:59:59.000,9:59:59.000
with the term "salsa" written

9:59:59.000,9:59:59.000
and we were deciding on a name which[br]just not describes the type of service on it

9:59:59.000,9:59:59.000
so we wanted…

9:59:59.000,9:59:59.000
Yes, it's also a sauce. So salsa had sauce.

9:59:59.000,9:59:59.000
I wanted to call it Klaus, but we decided[br]against it so somebody came up

9:59:59.000,9:59:59.000
in the restaurant with the name "salsa"[br]and so it's called salsa.

9:59:59.000,9:59:59.000
In the meanwhile, we talked a lot with[br]the Gitlab people

9:59:59.000,9:59:59.000
which were very kind and helped us[br]with our problems.

9:59:59.000,9:59:59.000
We also talked with them about the CLA[br]problem and after some discussions,

9:59:59.000,9:59:59.000
the lawyer of SPI was also involved,

9:59:59.000,9:59:59.000
we made them to remove the CLA[br]and replace it with something better.

9:59:59.000,9:59:59.000
Contributing patches to Gitlab is now[br]much easier and better

9:59:59.000,9:59:59.000
which is something we are very proud of

9:59:59.000,9:59:59.000
[Applause]

9:59:59.000,9:59:59.000
And between November and the 25th of[br]December, we implemented salsa two times

9:59:59.000,9:59:59.000
First time on ???.debian.net where we had[br]root but

9:59:59.000,9:59:59.000
after more discussions we decided having[br]this maintained at a (debian).org box

9:59:59.000,9:59:59.000
would be better, which made us[br]??? ansible stuff

9:59:59.000,9:59:59.000
and develop a ??? to be able to install[br]gitlab as a non-privileged user

9:59:59.000,9:59:59.000
but we did that.

9:59:59.000,9:59:59.000
In Christmas, he was able to release[br]salsa into public beta.

9:59:59.000,9:59:59.000
Things went well, which allowed, at the[br]end of January, salsa to leave the beta

9:59:59.000,9:59:59.000
Since then it's official, our official[br]git successor.

9:59:59.000,9:59:59.000
What will happen in the future?

9:59:59.000,9:59:59.000
Oh no, this is already past.

9:59:59.000,9:59:59.000
On May, we disable user and project[br]creation on alioth.

9:59:59.000,9:59:59.000
Still in May, we disabled the not so much[br]used version control systems,

9:59:59.000,9:59:59.000
bazaar, mercurial and darcs

9:59:59.000,9:59:59.000
On Thursday (May 17th 2018), I disabled[br]projects web sites.

9:59:59.000,9:59:59.000
And this is future, at the end the month,

9:59:59.000,9:59:59.000
all other remaining version control systems[br]on alioth will get disabled.

9:59:59.000,9:59:59.000
So if you have anything running on alioth,[br]still running on alioth,

9:59:59.000,9:59:59.000
cron jobs are also disabled so[br]you don't have cron jobs enabled anymore

9:59:59.000,9:59:59.000
Be it whatever you think of, remove it.

9:59:59.000,9:59:59.000
1st of June, alioth will be off, you won't[br]be able to get any data anymore

9:59:59.000,9:59:59.000
from alioth.

9:59:59.000,9:59:59.000
You can get the ??? via DSA to get[br]subsequent backups, that's up to you

9:59:59.000,9:59:59.000
but I don't recommend it and they won't[br]like it.

9:59:59.000,9:59:59.000
Yeah

9:59:59.000,9:59:59.000
In June, alioth will come to an end.

9:59:59.000,9:59:59.000
It served us well for 10, 15 years, but[br]its time is over.

9:59:59.000,9:59:59.000
Some numbers.[br]Where are we now?

9:59:59.000,9:59:59.000
Yesterday (May 18th 2018), we had[br]23,700 repositories on gitlab,

9:59:59.000,9:59:59.000
3200 users, 400 groups, which sums up[br]around 90GB on disk, which is nice.

9:59:59.000,9:59:59.000
For a service running for more or less[br]6 months, it's a pretty nice number.

9:59:59.000,9:59:59.000
What are our future plans.

9:59:59.000,9:59:59.000
??? Docker registry, by now[br]you can use external registries

9:59:59.000,9:59:59.000
which is working

9:59:59.000,9:59:59.000
You can the gitlab registry for[br]Docker images

9:59:59.000,9:59:59.000
but it will be nicer to have our own[br]registry.

9:59:59.000,9:59:59.000
That is pretty high on my todo list, after[br]alioth is gone.

9:59:59.000,9:59:59.000
We want more runners, so you are able to[br]sponsor runners, if you have machines or

9:59:59.000,9:59:59.000
some money you want to spend on runners,[br]please tell us.

9:59:59.000,9:59:59.000
What are runners? Runners are the things[br]that are used by Gitlab CI to build code

9:59:59.000,9:59:59.000
or test code, or do things.

9:59:59.000,9:59:59.000
You can use it to build your packages,[br]you can use it to autopkgtest you packages

9:59:59.000,9:59:59.000
you can use it to build websites or[br]whatever you like.

9:59:59.000,9:59:59.000
It's pretty useful and I think using CI more[br]will be a big step forward for Debian.

9:59:59.000,9:59:59.000
We should really get more into it.

9:59:59.000,9:59:59.000
There are already some projects like[br]the reproducible builds, the debci guys

9:59:59.000,9:59:59.000
that are working on such stuff

9:59:59.000,9:59:59.000
and now we have the infrastructure that[br]every DD, every developer or package maintainer

9:59:59.000,9:59:59.000
can use it.

9:59:59.000,9:59:59.000
There's also an other feature called

9:59:59.000,9:59:59.000
"devops" which is based on kubernetes[br]which allows you to even

9:59:59.000,9:59:59.000
deploy and test things properly.

9:59:59.000,9:59:59.000
So if you have package which implements[br]a web service, you can even run

9:59:59.000,9:59:59.000
??? kubernetes part which runs[br]a web server,

9:59:59.000,9:59:59.000
you can test it, you can even record it,[br]do QA test and so on

9:59:59.000,9:59:59.000
all based on this devops feature which[br]would also be a nice thing.

9:59:59.000,9:59:59.000
By now, we don't have a kubernetes instance[br]we can use for it,

9:59:59.000,9:59:59.000
so if you have a spare kubernetes instance[br]you want to offer Debian,

9:59:59.000,9:59:59.000
please talk to us.

9:59:59.000,9:59:59.000
And integration with sso.debian.org,[br]which is another side project of mine

9:59:59.000,9:59:59.000
and some of ??? students, sitting there.

9:59:59.000,9:59:59.000
We want to build a successor for[br]the command sso.debian.org

9:59:59.000,9:59:59.000
which has a problem that it doesn't have[br]a user backend,

9:59:59.000,9:59:59.000
the user backend is alioth,[br]you see the problem

9:59:59.000,9:59:59.000
But it just the case for our guest users.

9:59:59.000,9:59:59.000
The official Debian Developers come from[br]the ldap which will still work,

9:59:59.000,9:59:59.000
but we have a problem with guest users,[br]so we currently don't have a way to

9:59:59.000,9:59:59.000
source for managing those guest users,[br]especially give additional groups like

9:59:59.000,9:59:59.000
"Hey, the user's a DM"

9:59:59.000,9:59:59.000
I would love to give all DMs access to[br]the Debian group, write access,

9:59:59.000,9:59:59.000
but I can't currently because I'm not able[br]to ???

9:59:59.000,9:59:59.000
which is something we want to solve with[br]the new sso.debian.org feature.

9:59:59.000,9:59:59.000
sso.debian.org should also develop a new[br]authentication protocol like OAuth2,

9:59:59.000,9:59:59.000
which we will use for salsa but new[br]services can also rely on,

9:59:59.000,9:59:59.000
??? a way from this certificate stuff[br]which is somewhat nice

9:59:59.000,9:59:59.000
but it's not that good integrated in most[br]browsers anymore

9:59:59.000,9:59:59.000
and it doesn't work that well.

9:59:59.000,9:59:59.000
We hope to have, we already have[br]a prototype, and we hope to have it live

9:59:59.000,9:59:59.000
until the end of the summer.

9:59:59.000,9:59:59.000
What we left behind.

9:59:59.000,9:59:59.000
We don't have shells anymore.

9:59:59.000,9:59:59.000
So you won't be able to run any cron jobs[br]or other stuff on salsa and

9:59:59.000,9:59:59.000
please don't ask, we won't give anyone[br]a shell on salsa.debian.org or godard

9:59:59.000,9:59:59.000
which is the host hosting it.

9:59:59.000,9:59:59.000
We hape APIs, several of them,[br]I will show them

9:59:59.000,9:59:59.000
Please use them, we won't run any[br]cron jobs or custom stuff on gitlab,

9:59:59.000,9:59:59.000
it was a nightmare on alioth to maintain[br]and to administrate

9:59:59.000,9:59:59.000
and I will never, never want to get[br]into this again.

9:59:59.000,9:59:59.000
What we also don't have are custom domains[br]which is a feature gitlab has, but

9:59:59.000,9:59:59.000
DSA decided against it, so you will have[br]to live with

9:59:59.000,9:59:59.000
projectname.pages.debian.net until[br]someone decides for that feature.

9:59:59.000,9:59:59.000
We also left behind old version…[br]not so much anymore version control systems

9:59:59.000,9:59:59.000
like darcs, bazaar, subversion which isn't[br]a problem,

9:59:59.000,9:59:59.000
but we also don't have cvs anymore,[br]which may be a surprise for someone

9:59:59.000,9:59:59.000
but Debian is still a heavy user of cvs,[br]especially for our web site

9:59:59.000,9:59:59.000
and translations.

9:59:59.000,9:59:59.000
But maybe they will now migrate faster[br]away from cvs.

9:59:59.000,9:59:59.000
They are working on it, I know,[br]they're working on it for 10 years

9:59:59.000,9:59:59.000
but things are getting faster and[br]they're making progress

9:59:59.000,9:59:59.000
in migrating away from cvs.

9:59:59.000,9:59:59.000
Yeah, ???, that's right,[br]we also left mercurial,

9:59:59.000,9:59:59.000
or whatever people have in their[br]home directory.

9:59:59.000,9:59:59.000
Yeah we also had rcs on alioth, there[br]were rcs repos, yes.

9:59:59.000,9:59:59.000
What we got instead.

9:59:59.000,9:59:59.000
We got a bunch of new features[br]we didn't have before.

9:59:59.000,9:59:59.000
So, this is such… maybe a start of new[br]ways of working in Debian,

9:59:59.000,9:59:59.000
we got a bunch of collaboration features.

9:59:59.000,9:59:59.000
In the past, collaboration often meant[br]finding the right mailing list,

9:59:59.000,9:59:59.000
sending a patch and hoping.

9:59:59.000,9:59:59.000
Now we can use merge requests, which[br]allow people to easily fork and

9:59:59.000,9:59:59.000
modify packages or repositories, and after[br]they are done, they can just hit a button

9:59:59.000,9:59:59.000
or whatever and create a nice merge[br]request which is already heavily used

9:59:59.000,9:59:59.000
by some projects like apt or dak or my own[br]redirector.

9:59:59.000,9:59:59.000
That allows ???, the admins[br]of those repositories/projects

9:59:59.000,9:59:59.000
to review code easily, they can add[br]comments, they can discuss with

9:59:59.000,9:59:59.000
??? people out of the mailing list.

9:59:59.000,9:59:59.000
If people update a bunch and they[br]commited, those merge requests

9:59:59.000,9:59:59.000
get updated which is a workflow we are[br]also using very heavily in our company

9:59:59.000,9:59:59.000
which is pretty nice in my eyes.

9:59:59.000,9:59:59.000
This also allows contribution to packages[br]from outside people

9:59:59.000,9:59:59.000
It lowers the barrier for people to[br]collaborate with Debian,

9:59:59.000,9:59:59.000
which is in my eyes a good feature,

9:59:59.000,9:59:59.000
something I always liked on Github and[br]I'm happy we are having it too now.

9:59:59.000,9:59:59.000
Gitlab has a nice feature of good, well[br]designed web frontend,

9:59:59.000,9:59:59.000
some things could be better, but it's[br]always the case,

9:59:59.000,9:59:59.000
but in most cases Gitlab is still[br]blazingly fast

9:59:59.000,9:59:59.000
except if you've hit some of the bugs[br]in the API

9:59:59.000,9:59:59.000
but that's an other problem.

9:59:59.000,9:59:59.000
And you can work with it.

9:59:59.000,9:59:59.000
If you don't like the web frontend,[br]use the API,

9:59:59.000,9:59:59.000
nearly everything the web frontend[br]supports is exposed via the API

9:59:59.000,9:59:59.000
And there are also a bunch of[br]command line clients

9:59:59.000,9:59:59.000
which can integrate into git to allow[br]things like merge requests,

9:59:59.000,9:59:59.000
allow you to process merge requests[br]from the command line

9:59:59.000,9:59:59.000
if you don't like web frontends.

9:59:59.000,9:59:59.000
You can also open merge requests[br]by e-mail if you still like it

9:59:59.000,9:59:59.000
you can just hit the right buttons,[br]you'll get a mail address

9:59:59.000,9:59:59.000
that you can use.

9:59:59.000,9:59:59.000
And if you send a patch to that mail address[br]you will create a merge request,

9:59:59.000,9:59:59.000
some of the not so known research.

9:59:59.000,9:59:59.000
Issues.

9:59:59.000,9:59:59.000
You can track todo items or bugs.

9:59:59.000,9:59:59.000
Please, this is not intended for Debian[br]packages,

9:59:59.000,9:59:59.000
so please don't replace the BTS

9:59:59.000,9:59:59.000
but using it as an issue tracker or todo[br]lists is great.

9:59:59.000,9:59:59.000
We are using it all the time.

9:59:59.000,9:59:59.000
We're also having some upstream projects[br]on salsa, like sane or ???

9:59:59.000,9:59:59.000
which is ???

9:59:59.000,9:59:59.000
So, they're using issues, that's fine too.

9:59:59.000,9:59:59.000
Issues are disabled by default for[br]a project,

9:59:59.000,9:59:59.000
but every project has ??? to just[br]enable it and to use it.

9:59:59.000,9:59:59.000
You have boards where you can organize[br]your work,

9:59:59.000,9:59:59.000
you can add sprints, you can add[br]milestones and other things,

9:59:59.000,9:59:59.000
all the basic stuff you need to have[br]an issue tracker is included.

9:59:59.000,9:59:59.000
And we also enabled reply by mail so[br]you don't have to use the web frontend,

9:59:59.000,9:59:59.000
you can just use your mail client[br]to reply ??? into gitlab.

9:59:59.000,9:59:59.000
You can also close issues by merge requests.

9:59:59.000,9:59:59.000
So, similar to our BTS, Gitlab has[br]this "closes" feature.

9:59:59.000,9:59:59.000
It's all the same. So "Close", "Closes"…[br]and so on, it's all the same

9:59:59.000,9:59:59.000
and we close here your issues.

9:59:59.000,9:59:59.000
You can even close issues in other[br]projects,

9:59:59.000,9:59:59.000
so if you have projects related together[br]and you fix something in another project

9:59:59.000,9:59:59.000
you can even close it with that syntax.

9:59:59.000,9:59:59.000
You can also create issues by mail,[br]which is basically the same

9:59:59.000,9:59:59.000
as for merge requests,

9:59:59.000,9:59:59.000
you have that "email new issue" button[br]where you get a custom mail address you can use

9:59:59.000,9:59:59.000
and then you can use that mail address[br]for the future

9:59:59.000,9:59:59.000
to submit bugs if you don't want to use[br]the issue tracker.

9:59:59.000,9:59:59.000
What we also got are webhooks.

9:59:59.000,9:59:59.000
Custom hooks are not anymore possible[br]because you don't have access to

9:59:59.000,9:59:59.000
the repositories directly

9:59:59.000,9:59:59.000
but what you can use are webhooks.

9:59:59.000,9:59:59.000
Webhooks are common standard in the[br]web world,

9:59:59.000,9:59:59.000
you can use them to react to events[br]in your repository,

9:59:59.000,9:59:59.000
events may be things like someone created[br]an issue, someone created a pull request,

9:59:59.000,9:59:59.000
someone pushed something, someone took[br]something, things like that.

9:59:59.000,9:59:59.000
And you can use those events to create[br]IRC notifications,

9:59:59.000,9:59:59.000
we have two IRC bots available for you[br]to use, which is KGB

9:59:59.000,9:59:59.000
and my own irker instance.

9:59:59.000,9:59:59.000
You can automatically close or tag[br]bugs

9:59:59.000,9:59:59.000
If you look into our documentation,[br]wiki.debian.org,

9:59:59.000,9:59:59.000
you find a small paragraph about it[br]where you can just,

9:59:59.000,9:59:59.000
as we did before, if you close a bug[br]and you enable the tag pending,

9:59:59.000,9:59:59.000
tag pending webhook, your bug will[br]be tagged automatically as pending

9:59:59.000,9:59:59.000
like before if you used the ???[br]hooks on alioth.

9:59:59.000,9:59:59.000
And you can also trigger external CI QA[br]systems, like Jenkins or SonarQube

9:59:59.000,9:59:59.000
or whatever you like to test you code.

9:59:59.000,9:59:59.000
In the future, we will also use it[br]for collab, for the collaboration stuff

9:59:59.000,9:59:59.000
from tincho, where we will just forward[br]every push happened on the whole salsa system

9:59:59.000,9:59:59.000
so you don't have to configure that[br]manually, it will happen automatically

9:59:59.000,9:59:59.000
So if you contribute something to Debian,[br]it will come up on collab.debian.net

9:59:59.000,9:59:59.000
If you want to provide webhooks but you[br]don't want to run your own web server,

9:59:59.000,9:59:59.000
you can come to us, which means you have[br]to code Ruby.

9:59:59.000,9:59:59.000
We have our own webhook server implementation[br]for salsa.debian.org,

9:59:59.000,9:59:59.000
which is currently also running on salsa,[br]but that must be the case in the future.

9:59:59.000,9:59:59.000
So, if you want to run a webhook, provide us[br]a patch for our webhook implementation

9:59:59.000,9:59:59.000
which is pluggable, so write a plugin which[br]listens to your webhooks,

9:59:59.000,9:59:59.000
provide a patch, a merge request and we'll[br]happily add it to our webhook implementation

9:59:59.000,9:59:59.000
so it can be used for everybody.

9:59:59.000,9:59:59.000
Documentation is in the wiki.

9:59:59.000,9:59:59.000
Currently provided hooks are, as already[br]mentioned, tagpending

9:59:59.000,9:59:59.000
which allows you to tag bug as pending if[br]you mention them in you changelog

9:59:59.000,9:59:59.000
and some project directly working with[br]commits are using the close webhook

9:59:59.000,9:59:59.000
which allows you to directly close[br]a bug with a commit

9:59:59.000,9:59:59.000
which is used by some web servers and[br]other stuff directly used in Debian.

9:59:59.000,9:59:59.000
One of the most powerful features we got[br]is Gitlab CI.

9:59:59.000,9:59:59.000
Gitlab CI is a system that allows[br]a continuous integration,

9:59:59.000,9:59:59.000
continuous development on salsa

9:59:59.000,9:59:59.000
and that allows you to build, test and[br]eventually deploy software and packages

9:59:59.000,9:59:59.000
from within Gitlab.

9:59:59.000,9:59:59.000
You can nearly do whatever you want[br]in this CI stuff,

9:59:59.000,9:59:59.000
you can compile ???, run linter,[br]run autopkgtest,

9:59:59.000,9:59:59.000
whatever you can imagine you can do.

9:59:59.000,9:59:59.000
We have two runners provided.

9:59:59.000,9:59:59.000
One of it is running as an ???[br]on Google cloud,

9:59:59.000,9:59:59.000
the other one is hardware sponsored[br]by a sponsor

9:59:59.000,9:59:59.000
and for every CI run, we launch a docker[br]container in it,

9:59:59.000,9:59:59.000
You can even provide an image you want[br]to use as this one

9:59:59.000,9:59:59.000
and then you can do whatever you want[br]with it.

9:59:59.000,9:59:59.000
But please don't do bitmining or[br]something like that,

9:59:59.000,9:59:59.000
be kind to them, we all have to use them[br]and we have only two of them,

9:59:59.000,9:59:59.000
so please, if you want to do something[br]bigger, talk to us

9:59:59.000,9:59:59.000
like the KDE people already did.

9:59:59.000,9:59:59.000
How to use it?

9:59:59.000,9:59:59.000
Using Gitlab CI is surprisingly easy.

9:59:59.000,9:59:59.000
There is this gitlab-ci.yml file which is[br]usually in the root of your repository

9:59:59.000,9:59:59.000
but you can add configuration to your[br]repository, for example to

9:59:59.000,9:59:59.000
add it to your /debian repository[br]which works better for

9:59:59.000,9:59:59.000
??? packages

9:59:59.000,9:59:59.000
or whatever you have, if you don't want to[br]clutter the upstream directories

9:59:59.000,9:59:59.000
of your gitlab-ci file.

9:59:59.000,9:59:59.000
[Question about potential conflicts with[br]gitlab-ci files from upstream]

9:59:59.000,9:59:59.000
We already have a bug opened on the[br]Gitlab issue tracker

9:59:59.000,9:59:59.000
that allows us to change the default name[br]of the gitlab-ci file because

9:59:59.000,9:59:59.000
currently, if you import an external[br]repository, which has a gitlab-ci file

9:59:59.000,9:59:59.000
which can happen,

9:59:59.000,9:59:59.000
if we ??? run on our infrastructure[br]and for example,

9:59:59.000,9:59:59.000
it's ansible or some other project[br]???

9:59:59.000,9:59:59.000
for every upstream commit, salsa will[br]??? run our runners

9:59:59.000,9:59:59.000
and build the pipeline.

9:59:59.000,9:59:59.000
After you edit your file, that's it.

9:59:59.000,9:59:59.000
From then on, you can watch every commit[br]happening on your pipeline.

9:59:59.000,9:59:59.000
This is a simple gitlab-ci file, gitlab-ci[br]files are yaml-based,

9:59:59.000,9:59:59.000
documentation is in the Gitlab repository,[br]the documentation repository and

9:59:59.000,9:59:59.000
as you can see, it's pretty easy, you have[br]a pre-step, which allows you to do things

9:59:59.000,9:59:59.000
like installing dependencies which is[br]what's happening here.

9:59:59.000,9:59:59.000
Since Gitlab CI is running a detached[br]head, if you want to ???

9:59:59.000,9:59:59.000
use git buildpackage, we will have to[br]checkout master

9:59:59.000,9:59:59.000
for it to properly work,

9:59:59.000,9:59:59.000
then you can do a git pull, git buildpackage[br]and, after that,

9:59:59.000,9:59:59.000
you have build your package.

9:59:59.000,9:59:59.000
That's basically all.

9:59:59.000,9:59:59.000
You can also use artifacts.

9:59:59.000,9:59:59.000
Artifacts allow you to… keep a build[br]artifact for downloading, so

9:59:59.000,9:59:59.000
if you want someone to use a package,[br]you can just add an artifact stanza here

9:59:59.000,9:59:59.000
and that allows you to later download[br]your deb files.

9:59:59.000,9:59:59.000
Now that doesn't allow you to create[br]a repository ???

9:59:59.000,9:59:59.000
but it's an other problem.

9:59:59.000,9:59:59.000
If it's too much, you can also use the[br]??? yesterday

9:59:59.000,9:59:59.000
This is a prepared docker container which[br]is prepared for git buildpackage and

9:59:59.000,9:59:59.000
all you have to do is to execute this.

9:59:59.000,9:59:59.000
After that, you have Gitlab CI.

9:59:59.000,9:59:59.000
[Applause]

9:59:59.000,9:59:59.000
I don't know who provided it, but it popped[br]up in the wiki yesterday

9:59:59.000,9:59:59.000
or something like that.

9:59:59.000,9:59:59.000
We also have Gitlab pages.

9:59:59.000,9:59:59.000
Gitlab pages are like Github pages and[br]allow you to host web sites,

9:59:59.000,9:59:59.000
static web sites from within Gitlab.

9:59:59.000,9:59:59.000
Internally they also use Gitlab CI, so[br]you provide a Gitlab CI job

9:59:59.000,9:59:59.000
that just deploys your website, so[br]it's nothing to do

9:59:59.000,9:59:59.000
and here's our build artifact feature.

9:59:59.000,9:59:59.000
All we do here is just add those public[br]files in the public directory to our pages

9:59:59.000,9:59:59.000
and we only do this on the master branch

9:59:59.000,9:59:59.000
and basically that's it.

9:59:59.000,9:59:59.000
The magic is happening here, it's the[br]"pages" step and

9:59:59.000,9:59:59.000
if you correctly configure pages in your[br]repository configuration,

9:59:59.000,9:59:59.000
you have a Gitlab page after that.

9:59:59.000,9:59:59.000
You can also do more fancy things like[br]a Hugo web site,

9:59:59.000,9:59:59.000
just depend on a docker image which has[br]hugo installed

9:59:59.000,9:59:59.000
and then execute a script which builds[br]Hugo, add some artifacts

9:59:59.000,9:59:59.000
and after that you have a Hugo website.

9:59:59.000,9:59:59.000
You can also use it for blogs, you can[br]use it in personal repositories,

9:59:59.000,9:59:59.000
then for example for your own web site[br]or blogs.

9:59:59.000,9:59:59.000
Of course, it's not intended to serve[br]big web sites

9:59:59.000,9:59:59.000
but providing blogs for planet.debian.org[br]is perfectly fine, for example

9:59:59.000,9:59:59.000
or web site of ??? project or[br]whatever is Debian-related.

9:59:59.000,9:59:59.000
This brings me to an other topic[br]not mentioned in my slides

9:59:59.000,9:59:59.000
some people asked us what is fine to host[br]on salsa.

9:59:59.000,9:59:59.000
As long as it's open source, as long as[br]it's intended to be Debian-related

9:59:59.000,9:59:59.000
or open source related or can be included[br]in Debian,

9:59:59.000,9:59:59.000
it's perfectly fine to host it on salsa.

9:59:59.000,9:59:59.000
So we invite every upstream which is[br]looking for a home,

9:59:59.000,9:59:59.000
like the SANE guys, to host them[br]on salsa.

9:59:59.000,9:59:59.000
What we got with the latest major version[br]is a web editor

9:59:59.000,9:59:59.000
which is pretty new,

9:59:59.000,9:59:59.000
probably buggy, but it works.

9:59:59.000,9:59:59.000
So, if you don't want to clone[br]a repository

9:59:59.000,9:59:59.000
or you have just to have simple changes,[br]you can add your file in the web editor,

9:59:59.000,9:59:59.000
you get a web editor with syntax[br]highlighting,

9:59:59.000,9:59:59.000
you get even a markdown preview if you[br]just do documentation,

9:59:59.000,9:59:59.000
so that's great for every one just doing[br]documentation

9:59:59.000,9:59:59.000
that doesn't want to ??? with git

9:59:59.000,9:59:59.000
or the code inside, you can even[br]preview it,

9:59:59.000,9:59:59.000
then you can write a commit message,

9:59:59.000,9:59:59.000
and that's it.

9:59:59.000,9:59:59.000
What we also have is two-factor[br]authentication, which is a security feature

9:59:59.000,9:59:59.000
that allows you to add a second factor[br]to your Gitlab login.

9:59:59.000,9:59:59.000
I can only recommend to use it, that's[br]well integrated and adds a lot of security.

9:59:59.000,9:59:59.000
It works with Yubikeys or any U2F-compatible[br]key

9:59:59.000,9:59:59.000
and also with software solutions that[br]implement TOTP,

9:59:59.000,9:59:59.000
time-based one time passwords.

9:59:59.000,9:59:59.000
So every TOTP-compatible generator also[br]works, for example the Google authenticator

9:59:59.000,9:59:59.000
but there are also others which are[br]open source, that all works.

9:59:59.000,9:59:59.000
Adding it is easy.

9:59:59.000,9:59:59.000
???

9:59:59.000,9:59:59.000
It's easy.

9:59:59.000,9:59:59.000
What you can't see now is me getting[br]my smartphone out,

9:59:59.000,9:59:59.000
scanning the bar code, generating a PIN[br]code,

9:59:59.000,9:59:59.000
and in 2 seconds I will enter the PIN code

9:59:59.000,9:59:59.000
What you see here are recovery codes,

9:59:59.000,9:59:59.000
I will mention them in a few minutes.

9:59:59.000,9:59:59.000
You can use them to recover your account[br]if you lost your one-time password generator

9:59:59.000,9:59:59.000
So, if I log in now,

9:59:59.000,9:59:59.000
I have to use my smartphone to generate[br]an authentication code, add it,

9:59:59.000,9:59:59.000
and now I'm in, that's it.

9:59:59.000,9:59:59.000
So it's pretty easy.

9:59:59.000,9:59:59.000
Some people say "Oh, what if I lost[br]my token, that is such much work."

9:59:59.000,9:59:59.000
No, it's easy.

9:59:59.000,9:59:59.000
If you want to recover your token,[br]I do that all the time,

9:59:59.000,9:59:59.000
you can just use SSH and do[br]"ssh git@salsa.debian.org"

9:59:59.000,9:59:59.000
and the command "2fa_recovery_codes"[br]which will generate you

9:59:59.000,9:59:59.000
a number of new recovery codes.