salsa.debian.org state of affairs
-
Not SyncedOk, welcome back to the second session
of the day. -
Not SyncedIt's going to be Alexander Wirt talking
about salsa.debian.org. -
Not Synced[Applause]
-
Not SyncedThank you, good morning.
-
Not SyncedI usually don't give talks in english,
so please be nice to me. -
Not SyncedHowever, I'm here.
-
Not SyncedI want to talk today about our journey
for Alioth -
Not Syncedwhich is still running, but not for long
anymore, -
Not Syncedto our new service, salsa.
-
Not SyncedI want to get a little bit into the history
of old things -
Not Syncedand what we have already achieved,
what we still need to achieve -
Not Syncedand what are our plans for the future.
-
Not SyncedLet's start with the basic things,
who am I. -
Not SyncedI am the guy who rejects the mails
on lists.debian.org, -
Not SyncedI am a listmaster.
-
Not SyncedI am the guy that rejects your backports.
-
Not SyncedI am the backports ftp master.
-
Not SyncedAnd I am the guy that will destroy
alioth.debian.org. -
Not SyncedFor the last ten years
-
Not Synced[Applause]
-
Not SyncedI was an admin by accident of
alioth.debian.org. -
Not SyncedThis is another story I will tell you
in a few minutes. -
Not SyncedBeside from that, I work as an OpenSource
consultant at credativ, -
Not Syncedwhich is a small company in Germany
which is specialized in OpenSource, -
Not Syncedwe only do OpenSource consulting
in Germany. -
Not SyncedWe do what today is called DevOps,
we do every kind of consulting. -
Not SyncedIf you do something with OpenSource,
we are probably the ones you can talk with. -
Not SyncedI am a father of two wonderful girls,
-
Not Syncedthey're not here unfortunately,
-
Not Syncedbut otherwise I wouldn't be able
to work. -
Not SyncedAnd in my little bit spare time, I do
role playing games and Tabletop games. -
Not SyncedIn theory there should be a picture now.
-
Not SyncedThere's a picture missing,
I don't know why, -
Not Syncedwhich should tell "We need you".
-
Not SyncedA little bit of advertisement, if you
want to do OpenSource work in Germany, -
Not Syncedpaid,
-
Not Syncedand you need a job, please talk to me.
-
Not SyncedWe are always looking for good people,
especially in C development, -
Not Syncedkernel development, but also of course
consulting. -
Not SyncedSo please talk to me.
-
Not SyncedSome steps in history.
-
Not SyncedSome years ago, ???
2008, 2009, -
Not SyncedI told the alioth channel
-
Not Synced"Hey, if you need help, I can help with
system administration, -
Not Syncednot the GForge stuff which is running
above, -
Not Syncedbut if you need help, tell me."
-
Not Synced[Audience] Big mistake
-
Not SyncedYeah.
-
Not SyncedOne or two years went by,
and step by step -
Not Syncedall alioth admins left.
-
Not SyncedWe were alone in the channel.
-
Not SyncedAnd around that time, I detected
-
Not Synced"Hey, I have sudo permissions
and I'm admin" -
Not SyncedSomebody made me an admin.
-
Not SyncedSo, I had to decide that I will be
the person that is the future alioth admin -
Not Syncedand I stepped in.
-
Not SyncedSo it was the beginning of our alioth
journey. -
Not SyncedThen, in DebConf15, we had a long
'Birds of a Feather' -
Not Syncedwhere we talked about several security
problems in collab-maint, -
Not Syncedsome of you are maybe not aware of it,
-
Not Syncedbut since we use git at filesystem level
on alioth, -
Not Syncedwe are introducing a number of interesting
security problems -
Not Syncedlike if someone writes a hook, that hook
gets executed every time someone pushes. -
Not SyncedSo you have basically shell access.
-
Not SyncedAnd of course you execute it as
your own uid. -
Not SyncedSo, if some DM (Debian Maintainer) or even
not DM, nearly the whole world -
Not Syncedhas write access to collab-maint,
-
Not Synceddrops some hooks in,
-
Not Syncedit can make you execute code on Alioth
at your uid, which is a problem. -
Not SyncedWe did some things to solve that problem,
but the main problem remained. -
Not SyncedSo, along that time, we decided that we
would need a successor for git.debian.org. -
Not SyncedAt that point, we are talking about gitolite
-
Not Syncedwhich we evaluated at that time.
-
Not SyncedHowever, as ???
-
Not SyncedTwo years went into the land and
nothing real happened, -
Not Syncedwe just played with it.
-
Not SyncedThen, May 2017, a thread comes up,
"Moving away from fusionforge". -
Not SyncedWhat nobody was really aware of, is that
alioth is on a Wheezy machine -
Not Syncedand Wheezy is ??? out of security
support end of the month. -
Not SyncedSo time was running up.
-
Not SyncedThe thread was long as usual on
debian-devel and -
Not Syncedwe decided to do a few steps, like
evaluating things -
Not Syncedand in June 2017, I did a survey about
our new alioth services. -
Not SyncedIt was clear at that point that I wouldn't
be able to maintain all the things -
Not Syncedalioth had in the future
-
Not Syncedso we decided to just bring over
the important things. -
Not SyncedWhat is important? For everyone,
everything else is important -
Not Syncedso I decided to do a survey which was
pretty successful -
Not Syncedwith a few hundreds submissions.
-
Not SyncedThen, in…
-
Not SyncedThen we evaluated… "we" as probably "me",
-
Not Syncedevaluated a few solutions, named pagure,
which is the git solution Fedora is using, -
Not Syncedwhich is a Python thing based on gitolite,
-
Not Syncedgitlab, which is the biggest Github
competitor -
Not Syncedgogs/gitea, which is some golang-based
small git service. -
Not Syncedpagure turned out to be not stable enough
for our needs -
Not Syncedand we would have to do to much coding
inside pagure to use it in our infrastructure -
Not Syncedbecause pagure is very strongly ???
with the Fedora infrastructure, -
Not Syncedspecially its user authentication and
user management stuff. -
Not SyncedGitlab had an other problem called
"opencore" and -
Not Synced"contributor license agreement"
which means -
Not SyncedI and others were not very happy with
contributing code to Gitlab -
Not Syncedwhich is something that will always
happen if you maintain such a service. -
Not SyncedAnd gogs and gitea is nice but it's small
-
Not SyncedIt will not be able to manage 10,000s
of repositories. -
Not SyncedNext step happened in August 2017 when
we had a sprint here in Hamburg -
Not Syncedat the hackerlab CCC on the other side
of the building, -
Not Syncedwhere we talked about it.
-
Not SyncedAfter long discussions, we decided to go
with Gitlab -
Not Syncedbecause Gitlab, at that point, was
the best solution that was already ready. -
Not SyncedWe didn't have to adapt too much, we don't
need to patch it -
Not Syncedwhich turned out it isn't true, but it's
an other problem -
Not SyncedIt had features like continuous integration
ready, -
Not Syncedit had features like code review ready,
wiki pretty good working -
Not Syncedand ??? very scalable
in all directions -
Not SyncedEvery component is scalable which is
good for us. -
Not SyncedThis is a TODO point, I wanted to add
an image about the restaurant -
Not Syncedwhere we decided on the name "salsa".
-
Not SyncedSomebody of you may ask yourself where
the name is coming from. -
Not SyncedThere's a small mexican restaurant
a few hundred meters from here -
Not Syncedwhere you can get great burritos and
they have a painting at the back -
Not Syncedwith the term "salsa" written
-
Not Syncedand we were deciding on a name which
just not describes the type of service on it -
Not Syncedso we wanted…
-
Not SyncedYes, it's also a sauce. So salsa had sauce.
-
Not SyncedI wanted to call it Klaus, but we decided
against it so somebody came up -
Not Syncedin the restaurant with the name "salsa"
and so it's called salsa. -
Not SyncedIn the meanwhile, we talked a lot with
the Gitlab people -
Not Syncedwhich were very kind and helped us
with our problems. -
Not SyncedWe also talked with them about the CLA
problem and after some discussions, -
Not Syncedthe lawyer of SPI was also involved,
-
Not Syncedwe made them to remove the CLA
and replace it with something better. -
Not SyncedContributing patches to Gitlab is now
much easier and better -
Not Syncedwhich is something we are very proud of
-
Not Synced[Applause]
-
Not SyncedAnd between November and the 25th of
December, we implemented salsa two times -
Not SyncedFirst time on ???.debian.net where we had
root but -
Not Syncedafter more discussions we decided having
this maintained at a (debian).org box -
Not Syncedwould be better, which made us
??? ansible stuff -
Not Syncedand develop a ??? to be able to install
gitlab as a non-privileged user -
Not Syncedbut we did that.
-
Not SyncedIn Christmas, he was able to release
salsa into public beta. -
Not SyncedThings went well, which allowed, at the
end of January, salsa to leave the beta -
Not SyncedSince then it's official, our official
git successor. -
Not SyncedWhat will happen in the future?
-
Not SyncedOh no, this is already past.
-
Not SyncedOn May, we disable user and project
creation on alioth. -
Not SyncedStill in May, we disabled the not so much
used version control systems, -
Not Syncedbazaar, mercurial and darcs
-
Not SyncedOn Thursday (May 17th 2018), I disabled
projects web sites. -
Not SyncedAnd this is future, at the end the month,
-
Not Syncedall other remaining version control systems
on alioth will get disabled. -
Not SyncedSo if you have anything running on alioth,
still running on alioth, -
Not Syncedcron jobs are also disabled so
you don't have cron jobs enabled anymore -
Not SyncedBe it whatever you think of, remove it.
-
Not Synced1st of June, alioth will be off, you won't
be able to get any data anymore -
Not Syncedfrom alioth.
-
Not SyncedYou can get the ??? via DSA to get
subsequent backups, that's up to you -
Not Syncedbut I don't recommend it and they won't
like it. -
Not SyncedYeah
-
Not SyncedIn June, alioth will come to an end.
-
Not SyncedIt served us well for 10, 15 years, but
its time is over. -
Not SyncedSome numbers.
Where are we now? -
Not SyncedYesterday (May 18th 2018), we had
23,700 repositories on gitlab, -
Not Synced3200 users, 400 groups, which sums up
around 90GB on disk, which is nice. -
Not SyncedFor a service running for more or less
6 months, it's a pretty nice number. -
Not SyncedWhat are our future plans.
-
Not Synced??? Docker registry, by now
you can use external registries -
Not Syncedwhich is working
-
Not SyncedYou can the gitlab registry for
Docker images -
Not Syncedbut it will be nicer to have our own
registry. -
Not SyncedThat is pretty high on my todo list, after
alioth is gone. -
Not SyncedWe want more runners, so you are able to
sponsor runners, if you have machines or -
Not Syncedsome money you want to spend on runners,
please tell us. -
Not SyncedWhat are runners? Runners are the things
that are used by Gitlab CI to build code -
Not Syncedor test code, or do things.
-
Not SyncedYou can use it to build your packages,
you can use it to autopkgtest you packages -
Not Syncedyou can use it to build websites or
whatever you like. -
Not SyncedIt's pretty useful and I think using CI more
will be a big step forward for Debian. -
Not SyncedWe should really get more into it.
-
Not SyncedThere are already some projects like
the reproducible builds, the debci guys -
Not Syncedthat are working on such stuff
-
Not Syncedand now we have the infrastructure that
every DD, every developer or package maintainer -
Not Syncedcan use it.
-
Not SyncedThere's also an other feature called
-
Not Synced"devops" which is based on kubernetes
which allows you to even -
Not Synceddeploy and test things properly.
-
Not SyncedSo if you have package which implements
a web service, you can even run -
Not Synced??? kubernetes part which runs
a web server, -
Not Syncedyou can test it, you can even record it,
do QA test and so on -
Not Syncedall based on this devops feature which
would also be a nice thing. -
Not SyncedBy now, we don't have a kubernetes instance
we can use for it, -
Not Syncedso if you have a spare kubernetes instance
you want to offer Debian, -
Not Syncedplease talk to us.
-
Not SyncedAnd integration with sso.debian.org,
which is another side project of mine -
Not Syncedand some of ??? students, sitting there.
-
Not SyncedWe want to build a successor for
the command sso.debian.org -
Not Syncedwhich has a problem that it doesn't have
a user backend, -
Not Syncedthe user backend is alioth,
you see the problem -
Not SyncedBut it just the case for our guest users.
-
Not SyncedThe official Debian Developers come from
the ldap which will still work, -
Not Syncedbut we have a problem with guest users,
so we currently don't have a way to -
Not Syncedsource for managing those guest users,
especially give additional groups like -
Not Synced"Hey, the user's a DM"
-
Not SyncedI would love to give all DMs access to
the Debian group, write access, -
Not Syncedbut I can't currently because I'm not able
to ??? -
Not Syncedwhich is something we want to solve with
the new sso.debian.org feature. -
Not Syncedsso.debian.org should also develop a new
authentication protocol like OAuth2, -
Not Syncedwhich we will use for salsa but new
services can also rely on, -
Not Synced??? a way from this certificate stuff
which is somewhat nice -
Not Syncedbut it's not that good integrated in most
browsers anymore -
Not Syncedand it doesn't work that well.
-
Not SyncedWe hope to have, we already have
a prototype, and we hope to have it live -
Not Synceduntil the end of the summer.
-
Not SyncedWhat we left behind.
-
Not SyncedWe don't have shells anymore.
-
Not SyncedSo you won't be able to run any cron jobs
or other stuff on salsa and -
Not Syncedplease don't ask, we won't give anyone
a shell on salsa.debian.org or godard -
Not Syncedwhich is the host hosting it.
-
Not SyncedWe hape APIs, several of them,
I will show them -
Not SyncedPlease use them, we won't run any
cron jobs or custom stuff on gitlab, -
Not Syncedit was a nightmare on alioth to maintain
and to administrate -
Not Syncedand I will never, never want to get
into this again. -
Not SyncedWhat we also don't have are custom domains
which is a feature gitlab has, but -
Not SyncedDSA decided against it, so you will have
to live with -
Not Syncedprojectname.pages.debian.net until
someone decides for that feature. -
Not SyncedWe also left behind old version…
not so much anymore version control systems -
Not Syncedlike darcs, bazaar, subversion which isn't
a problem, -
Not Syncedbut we also don't have cvs anymore,
which may be a surprise for someone -
Not Syncedbut Debian is still a heavy user of cvs,
especially for our web site -
Not Syncedand translations.
-
Not SyncedBut maybe they will now migrate faster
away from cvs. -
Not SyncedThey are working on it, I know,
they're working on it for 10 years -
Not Syncedbut things are getting faster and
they're making progress -
Not Syncedin migrating away from cvs.
-
Not SyncedYeah, ???, that's right,
we also left mercurial, -
Not Syncedor whatever people have in their
home directory. -
Not SyncedYeah we also had rcs on alioth, there
were rcs repos, yes. -
Not SyncedWhat we got instead.
-
Not SyncedWe got a bunch of new features
we didn't have before. -
Not SyncedSo, this is such… maybe a start of new
ways of working in Debian, -
Not Syncedwe got a bunch of collaboration features.
-
Not SyncedIn the past, collaboration often meant
finding the right mailing list, -
Not Syncedsending a patch and hoping.
-
Not SyncedNow we can use merge requests, which
allow people to easily fork and -
Not Syncedmodify packages or repositories, and after
they are done, they can just hit a button -
Not Syncedor whatever and create a nice merge
request which is already heavily used -
Not Syncedby some projects like apt or dak or my own
redirector. -
Not SyncedThat allows ???, the admins
of those repositories/projects -
Not Syncedto review code easily, they can add
comments, they can discuss with -
Not Synced??? people out of the mailing list.
-
Not SyncedIf people update a bunch and they
commited, those merge requests -
Not Syncedget updated which is a workflow we are
also using very heavily in our company -
Not Syncedwhich is pretty nice in my eyes.
-
Not SyncedThis also allows contribution to packages
from outside people -
Not SyncedIt lowers the barrier for people to
collaborate with Debian, -
Not Syncedwhich is in my eyes a good feature,
-
Not Syncedsomething I always liked on Github and
I'm happy we are having it too now. -
Not SyncedGitlab has a nice feature of good, well
designed web frontend, -
Not Syncedsome things could be better, but it's
always the case, -
Not Syncedbut in most cases Gitlab is still
blazingly fast -
Not Syncedexcept if you've hit some of the bugs
in the API -
Not Syncedbut that's an other problem.
-
Not SyncedAnd you can work with it.
-
Not SyncedIf you don't like the web frontend,
use the API, -
Not Syncednearly everything the web frontend
supports is exposed via the API -
Not SyncedAnd there are also a bunch of
command line clients -
Not Syncedwhich can integrate into git to allow
things like merge requests, -
Not Syncedallow you to process merge requests
from the command line -
Not Syncedif you don't like web frontends.
-
Not SyncedYou can also open merge requests
by e-mail if you still like it -
Not Syncedyou can just hit the right buttons,
you'll get a mail address -
Not Syncedthat you can use.
-
Not SyncedAnd if you send a patch to that mail address
you will create a merge request, -
Not Syncedsome of the not so known research.
-
Not SyncedIssues.
-
Not SyncedYou can track todo items or bugs.
-
Not SyncedPlease, this is not intended for Debian
packages, -
Not Syncedso please don't replace the BTS
-
Not Syncedbut using it as an issue tracker or todo
lists is great. -
Not SyncedWe are using it all the time.
-
Not SyncedWe're also having some upstream projects
on salsa, like sane or ??? -
Not Syncedwhich is ???
-
Not SyncedSo, they're using issues, that's fine too.
-
Not SyncedIssues are disabled by default for
a project, -
Not Syncedbut every project has ??? to just
enable it and to use it. -
Not SyncedYou have boards where you can organize
your work, -
Not Syncedyou can add sprints, you can add
milestones and other things, -
Not Syncedall the basic stuff you need to have
an issue tracker is included. -
Not SyncedAnd we also enabled reply by mail so
you don't have to use the web frontend, -
Not Syncedyou can just use your mail client
to reply ??? into gitlab. -
Not SyncedYou can also close issues by merge requests.
-
Not SyncedSo, similar to our BTS, Gitlab has
this "closes" feature. -
Not SyncedIt's all the same. So "Close", "Closes"…
and so on, it's all the same -
Not Syncedand we close here your issues.
-
Not SyncedYou can even close issues in other
projects, -
Not Syncedso if you have projects related together
and you fix something in another project -
Not Syncedyou can even close it with that syntax.
-
Not SyncedYou can also create issues by mail,
which is basically the same -
Not Syncedas for merge requests,
-
Not Syncedyou have that "email new issue" button
where you get a custom mail address you can use -
Not Syncedand then you can use that mail address
for the future -
Not Syncedto submit bugs if you don't want to use
the issue tracker. -
Not SyncedWhat we also got are webhooks.
-
Not SyncedCustom hooks are not anymore possible
because you don't have access to -
Not Syncedthe repositories directly
-
Not Syncedbut what you can use are webhooks.
-
Not SyncedWebhooks are common standard in the
web world, -
Not Syncedyou can use them to react to events
in your repository, -
Not Syncedevents may be things like someone created
an issue, someone created a pull request, -
Not Syncedsomeone pushed something, someone took
something, things like that. -
Not SyncedAnd you can use those events to create
IRC notifications, -
Not Syncedwe have two IRC bots available for you
to use, which is KGB -
Not Syncedand my own irker instance.
-
Not SyncedYou can automatically close or tag
bugs -
Not SyncedIf you look into our documentation,
wiki.debian.org, -
Not Syncedyou find a small paragraph about it
where you can just, -
Not Syncedas we did before, if you close a bug
and you enable the tag pending, -
Not Syncedtag pending webhook, your bug will
be tagged automatically as pending -
Not Syncedlike before if you used the ???
hooks on alioth. -
Not SyncedAnd you can also trigger external CI QA
systems, like Jenkins or SonarQube -
Not Syncedor whatever you like to test you code.
-
Not SyncedIn the future, we will also use it
for collab, for the collaboration stuff -
Not Syncedfrom tincho, where we will just forward
every push happened on the whole salsa system -
Not Syncedso you don't have to configure that
manually, it will happen automatically -
Not SyncedSo if you contribute something to Debian,
it will come up on collab.debian.net -
Not SyncedIf you want to provide webhooks but you
don't want to run your own web server, -
Not Syncedyou can come to us, which means you have
to code Ruby. -
Not SyncedWe have our own webhook server implementation
for salsa.debian.org, -
Not Syncedwhich is currently also running on salsa,
but that must be the case in the future. -
Not SyncedSo, if you want to run a webhook, provide us
a patch for our webhook implementation -
Not Syncedwhich is pluggable, so write a plugin which
listens to your webhooks, -
Not Syncedprovide a patch, a merge request and we'll
happily add it to our webhook implementation -
Not Syncedso it can be used for everybody.
-
Not SyncedDocumentation is in the wiki.
-
Not SyncedCurrently provided hooks are, as already
mentioned, tagpending -
Not Syncedwhich allows you to tag bug as pending if
you mention them in you changelog -
Not Syncedand some project directly working with
commits are using the close webhook -
Not Syncedwhich allows you to directly close
a bug with a commit -
Not Syncedwhich is used by some web servers and
other stuff directly used in Debian. -
Not SyncedOne of the most powerful features we got
is Gitlab CI. -
Not SyncedGitlab CI is a system that allows
a continuous integration, -
Not Syncedcontinuous development on salsa
-
Not Syncedand that allows you to build, test and
eventually deploy software and packages -
Not Syncedfrom within Gitlab.
-
Not SyncedYou can nearly do whatever you want
in this CI stuff, -
Not Syncedyou can compile ???, run linter,
run autopkgtest, -
Not Syncedwhatever you can imagine you can do.
-
Not SyncedWe have two runners provided.
-
Not SyncedOne of it is running as an ???
on Google cloud, -
Not Syncedthe other one is hardware sponsored
by a sponsor -
Not Syncedand for every CI run, we launch a docker
container in it, -
Not SyncedYou can even provide an image you want
to use as this one -
Not Syncedand then you can do whatever you want
with it. -
Not SyncedBut please don't do bitmining or
something like that, -
Not Syncedbe kind to them, we all have to use them
and we have only two of them, -
Not Syncedso please, if you want to do something
bigger, talk to us -
Not Syncedlike the KDE people already did.
-
Not SyncedHow to use it?
-
Not SyncedUsing Gitlab CI is surprisingly easy.
-
Not SyncedThere is this gitlab-ci.yml file which is
usually in the root of your repository -
Not Syncedbut you can add configuration to your
repository, for example to -
Not Syncedadd it to your /debian repository
which works better for -
Not Synced??? packages
-
Not Syncedor whatever you have, if you don't want to
clutter the upstream directories -
Not Syncedof your gitlab-ci file.
-
Not Synced[Question about potential conflicts with
gitlab-ci files from upstream] -
Not SyncedWe already have a bug opened on the
Gitlab issue tracker -
Not Syncedthat allows us to change the default name
of the gitlab-ci file because -
Not Syncedcurrently, if you import an external
repository, which has a gitlab-ci file -
Not Syncedwhich can happen,
-
Not Syncedif we ??? run on our infrastructure
and for example, -
Not Syncedit's ansible or some other project
??? -
Not Syncedfor every upstream commit, salsa will
??? run our runners -
Not Syncedand build the pipeline.
-
Not SyncedAfter you edit your file, that's it.
-
Not SyncedFrom then on, you can watch every commit
happening on your pipeline. -
Not SyncedThis is a simple gitlab-ci file, gitlab-ci
files are yaml-based, -
Not Synceddocumentation is in the Gitlab repository,
the documentation repository and -
Not Syncedas you can see, it's pretty easy, you have
a pre-step, which allows you to do things -
Not Syncedlike installing dependencies which is
what's happening here. -
Not SyncedSince Gitlab CI is running a detached
head, if you want to ??? -
Not Synceduse git buildpackage, we will have to
checkout master -
Not Syncedfor it to properly work,
-
Not Syncedthen you can do a git pull, git buildpackage
and, after that, -
Not Syncedyou have build your package.
-
Not SyncedThat's basically all.
-
Not SyncedYou can also use artifacts.
-
Not SyncedArtifacts allow you to… keep a build
artifact for downloading, so -
Not Syncedif you want someone to use a package,
you can just add an artifact stanza here -
Not Syncedand that allows you to later download
your deb files. -
Not SyncedNow that doesn't allow you to create
a repository ??? -
Not Syncedbut it's an other problem.
-
Not SyncedIf it's too much, you can also use the
??? yesterday -
Not SyncedThis is a prepared docker container which
is prepared for git buildpackage and -
Not Syncedall you have to do is to execute this.
-
Not SyncedAfter that, you have Gitlab CI.
-
Not Synced[Applause]
-
Not SyncedI don't know who provided it, but it popped
up in the wiki yesterday -
Not Syncedor something like that.
-
Not SyncedWe also have Gitlab pages.
-
Not SyncedGitlab pages are like Github pages and
allow you to host web sites, -
Not Syncedstatic web sites from within Gitlab.
-
Not SyncedInternally they also use Gitlab CI, so
you provide a Gitlab CI job -
Not Syncedthat just deploys your website, so
it's nothing to do -
Not Syncedand here's our build artifact feature.
-
Not SyncedAll we do here is just add those public
files in the public directory to our pages -
Not Syncedand we only do this on the master branch
-
Not Syncedand basically that's it.
-
Not SyncedThe magic is happening here, it's the
"pages" step and -
Not Syncedif you correctly configure pages in your
repository configuration, -
Not Syncedyou have a Gitlab page after that.
-
Not SyncedYou can also do more fancy things like
a Hugo web site, -
Not Syncedjust depend on a docker image which has
hugo installed -
Not Syncedand then execute a script which builds
Hugo, add some artifacts -
Not Syncedand after that you have a Hugo website.
-
Not SyncedYou can also use it for blogs, you can
use it in personal repositories, -
Not Syncedthen for example for your own web site
or blogs. -
Not SyncedOf course, it's not intended to serve
big web sites -
Not Syncedbut providing blogs for planet.debian.org
is perfectly fine, for example -
Not Syncedor web site of ??? project or
whatever is Debian-related. -
Not SyncedThis brings me to an other topic
not mentioned in my slides -
Not Syncedsome people asked us what is fine to host
on salsa. -
Not SyncedAs long as it's open source, as long as
it's intended to be Debian-related -
Not Syncedor open source related or can be included
in Debian, -
Not Syncedit's perfectly fine to host it on salsa.
-
Not SyncedSo we invite every upstream which is
looking for a home, -
Not Syncedlike the SANE guys, to host them
on salsa. -
Not SyncedWhat we got with the latest major version
is a web editor -
Not Syncedwhich is pretty new,
-
Not Syncedprobably buggy, but it works.
-
Not SyncedSo, if you don't want to clone
a repository -
Not Syncedor you have just to have simple changes,
you can add your file in the web editor, -
Not Syncedyou get a web editor with syntax
highlighting, -
Not Syncedyou get even a markdown preview if you
just do documentation, -
Not Syncedso that's great for every one just doing
documentation -
Not Syncedthat doesn't want to ??? with git
-
Not Syncedor the code inside, you can even
preview it, -
Not Syncedthen you can write a commit message,
-
Not Syncedand that's it.
-
Not SyncedWhat we also have is two-factor
authentication, which is a security feature -
Not Syncedthat allows you to add a second factor
to your Gitlab login. -
Not SyncedI can only recommend to use it, that's
well integrated and adds a lot of security. -
Not SyncedIt works with Yubikeys or any U2F-compatible
key -
Not Syncedand also with software solutions that
implement TOTP, -
Not Syncedtime-based one time passwords.
-
Not SyncedSo every TOTP-compatible generator also
works, for example the Google authenticator -
Not Syncedbut there are also others which are
open source, that all works. -
Not SyncedAdding it is easy.
-
Not Synced???
-
Not SyncedIt's easy.
-
Not SyncedWhat you can't see now is me getting
my smartphone out, -
Not Syncedscanning the bar code, generating a PIN
code, -
Not Syncedand in 2 seconds I will enter the PIN code
-
Not SyncedWhat you see here are recovery codes,
-
Not SyncedI will mention them in a few minutes.
-
Not SyncedYou can use them to recover your account
if you lost your one-time password generator -
Not SyncedSo, if I log in now,
-
Not SyncedI have to use my smartphone to generate
an authentication code, add it, -
Not Syncedand now I'm in, that's it.
-
Not SyncedSo it's pretty easy.
-
Not SyncedSome people say "Oh, what if I lost
my token, that is such much work." -
Not SyncedNo, it's easy.
-
Not SyncedIf you want to recover your token,
I do that all the time, -
Not Syncedyou can just use SSH and do
"ssh git@salsa.debian.org" -
Not Syncedand the command "2fa_recovery_codes"
which will generate you -
Not Synceda number of new recovery codes.
- Title:
- salsa.debian.org state of affairs
- Description:
-
Talk given by Alexander Wirt at Minidebconf Hamburg 18
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-19/salsa.debian.org_state.webm - Video Language:
- English
- Team:
Debconf
- Project:
- 2018_mini-debconf-hamburg
- Duration:
- 48:02
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs |