<@humaton:fedora.im>
14:00:08
!startmeeting Git Forge Meeting
<@meetbot:fedora.im>
14:00:10
Meeting started at 2025-02-12 14:00:08 UTC
<@meetbot:fedora.im>
14:00:10
The Meeting name is 'Git Forge Meeting'
<@humaton:fedora.im>
14:00:13
!info this is meeting about the Fedora git forge replacement
<@humaton:fedora.im>
14:00:20
!topic init
<@smilner:fedora.im>
14:00:30
!hi
<@zodbot:fedora.im>
14:00:32
None (smilner)
<@lenkaseg:fedora.im>
14:00:38
!hi
<@zodbot:fedora.im>
14:00:39
Lenka Segura (lenkaseg)
<@nphilipp:fedora.im>
14:00:55
!hi
<@zodbot:fedora.im>
14:00:57
Nils Philippsen (nphilipp) - he / him / his
<@Zlopez:matrix.org>
14:02:16
!hi
<@zodbot:fedora.im>
14:02:18
Michal Konecny (zlopez)
<@gwmngilfen:fedora.im>
14:02:30
!hi
<@zodbot:fedora.im>
14:02:33
Greg Sutcliffe (gwmngilfen) - he / him / his
<@jbley:fedora.im>
14:03:01
helloooooooooo
<@jbley:fedora.im>
14:03:39
rise and shine everyone
<@ryanlerch:fedora.im>
14:04:18
!hi
<@zodbot:fedora.im>
14:04:34
Ryan Lerch (ryanlerch) - he / him / his
<@dherrera:fedora.im>
14:06:07
!hi
<@zodbot:fedora.im>
14:06:09
Diego Herrera (dherrera) - he / him / his
<@gwmngilfen:fedora.im>
14:06:20
oh, good idea, /me stands for a bit
<@humaton:fedora.im>
14:06:36
!topic ryanlerch taking leadership of this initiative.
<@humaton:fedora.im>
14:07:03
Soi ts time to give this initiative some formal grounds.
<@nhanlon:beeper.com>
14:08:46
!hi
<@humaton:fedora.im>
14:08:47
we have 2 way to approach this. One is to create infrastructure initiative in our tracker, but that seems not enough. So we should sit down and write proposal for https://docs.fedoraproject.org/en-US/project/initiatives/
<@zodbot:fedora.im>
14:08:48
Neil Hanlon (neil) - he / him / his
<@humaton:fedora.im>
14:09:07
WDYT?
<@amoloney:fedora.im>
14:09:48
I'm +1 to community initiative
<@smilner:fedora.im>
14:09:55
Is that the current process for initiatives?
<@smilner:fedora.im>
14:10:05
_reading it now_
<@amoloney:fedora.im>
14:10:12
The council is going to be updating this process to improve it, and this work fits here
<@jbley:fedora.im>
14:10:41
+1
<@Zlopez:matrix.org>
14:10:47
+1
<@dherrera:fedora.im>
14:10:49
+1
<@amoloney:fedora.im>
14:10:57
The process is a little vague unfortunately as it is, we have a number of improvements to make to the overall framework, but this should be an initiative
<@smilner:fedora.im>
14:11:02
OK, just making sure it was the same as what we did in https://fedoraproject.org/wiki/CPE_Infrastructure_Projects ... +1
<@ryanlerch:fedora.im>
14:11:24
I am still getting my ducks in a row with all this, but i will re-focus with the communoity inititive as the starting polnt
<@amoloney:fedora.im>
14:12:02
Slightly different, but there's good overlap
<@amoloney:fedora.im>
14:12:06
The infrastructure initiative process should fit within the overall community one
<@humaton:fedora.im>
14:12:59
!action /me and ryanlerch will write down initiative proposal draft for next meeting
<@amoloney:fedora.im>
14:13:34
The community one is more over-arching, the infra initiatives are more a prioritization aid afaik
<@smilner:fedora.im>
14:14:13
And visibility, but that is true. It's meant to give priority to community efforts 👍️
<@humaton:fedora.im>
14:14:27
yes, but we should make as much noises we can also because we will be sun-setting pagure.io as a part of this.
<@amoloney:fedora.im>
14:14:50
ryanlerch: jednorozec: I've been offered as tribute for this work to act as council exec sponsor to the initiative. This is being redefined as providing the initiative with a person to help out with program mgmt
<@abompard:fedora.im>
14:15:10
!hi*
<@abompard:fedora.im>
14:15:17
!hi
<@zodbot:fedora.im>
14:15:19
Aurélien Bompard (abompard) - he / him / his
<@amoloney:fedora.im>
14:15:27
Not leader, aid(er) in the communications, status reporting to council, etc
<@jbley:fedora.im>
14:16:03
jednorozec: agree. We need clear comms and a transparent path/plan incl timelines (even if it's just estimates) to ensure everyone understands the path forward
<@ryanlerch:fedora.im>
14:16:53
Also, one other thing i have had trouble tracking down (especially from my weird timezone), is who is acutally working on / wants to work on this as an inititive. if you are here, can you drop a quick note in the new room ( https://matrix.to/#/#fedora-forgejo:fedora.im )
<@humaton:fedora.im>
14:17:50
ok let move on to next topic
<@humaton:fedora.im>
14:18:15
!topic Forgejo want to know how are we doing
<@humaton:fedora.im>
14:18:18
!link https://codeberg.org/forgejo-contrib/moving-to-forgejo/issues
<@humaton:fedora.im>
14:18:47
There are 2 tickets opened by me, about both of our migration cases pagure.io and distgit
<@humaton:fedora.im>
14:19:03
I need to update the contents of the tickets bit more
<@humaton:fedora.im>
14:19:22
Link our user stories and previous ARC work on distgit replacement
<@Zlopez:matrix.org>
14:19:41
I assume that should be visible in https://pagure.io/fedora-infra/forgejo-deployment/issues
<@humaton:fedora.im>
14:21:20
moving on
<@humaton:fedora.im>
14:21:23
!topic Tickets and Updates
<@humaton:fedora.im>
14:21:33
!link https://pagure.io/fedora-infra/forgejo-deployment/issues
<@humaton:fedora.im>
14:21:33
!info go over tickets and updates
<@humaton:fedora.im>
14:21:33
<@humaton:fedora.im>
14:21:48
so
<@humaton:fedora.im>
14:22:01
getting back to ryanlerch note about who works on what
<@humaton:fedora.im>
14:22:23
I think lenkaseg and Yaash are the two people who does not own a ticket
<@humaton:fedora.im>
14:22:27
let me change that
<@gwmngilfen:fedora.im>
14:23:39
i'm interested in Forgejo but at this point it feels like we already have a *lot* of people working on this, so I'm going to lurk and continue getting to understand our infra layout from other angles. But do ping me if I can help with something.
<@nhanlon:beeper.com>
14:24:18
(same)
<@humaton:fedora.im>
14:25:05
well I can always appreciate sysadmins takes on how to solve storage of things, backups...
<@ryanlerch:fedora.im>
14:25:52
thanks Gwmngilfen and Neil Hanlon this is perfect information -- just so i can document it and we can know where we stand with people that are actively working on the project, and or willing to jump in on specific tasks
<@humaton:fedora.im>
14:27:50
Is there anyone here who does not have a ticket assigned and would like to get one? We need to find out how to approach PostgreSQL
<@gwmngilfen:fedora.im>
14:28:15
what do we need from PostgreSQL?
<@gwmngilfen:fedora.im>
14:29:18
is that just #6 or is there more context?
<@humaton:fedora.im>
14:29:47
So kontext it the current staging deployment
<@humaton:fedora.im>
14:30:01
that is running forgejo-helm with https://code.forgejo.org/forgejo-helm/forgejo-helm#postgresql-ha
<@humaton:fedora.im>
14:30:20
2 replicas and one controller I think
<@humaton:fedora.im>
14:30:52
It this the approach we want to use?
<@humaton:fedora.im>
14:31:44
Is there RH based psql deployment we can use? like operator by RH or something?
<@humaton:fedora.im>
14:32:06
I would like us to avoid just pluging it into our current psql setup
<@humaton:fedora.im>
14:32:25
its single point of failure of too many services already...
<@gwmngilfen:fedora.im>
14:32:33
possibly? I'm no expert here, but I lurk in our internal psql Slack channel, I can ask around if no one else has better ideas
<@humaton:fedora.im>
14:32:52
Can you write down what you find out in the ticket?
<@ryanlerch:fedora.im>
14:33:13
jednorozec: soi you dont want to use the db01 setup that everything else does?
<@humaton:fedora.im>
14:33:28
ryanlerch: nope
<@humaton:fedora.im>
14:33:52
Every time we do something masive, rebuild branching what have you
<@gwmngilfen:fedora.im>
14:34:00
jednorozec: sure, I can put that in #6?
<@humaton:fedora.im>
14:34:18
yes
<@gwmngilfen:fedora.im>
14:34:58
i'm a fan of separate db containers for each project, so that it exists as a single chart / compose / operator. But I'll see what #psql says
<@humaton:fedora.im>
14:35:30
So my simpleton thinking is, the openshift cluster goes down we will just redeploy in second ona. Bud if db01 fails we neeed to fix it
<@humaton:fedora.im>
14:35:52
So my simpleton thinking is, the openshift cluster goes down we will just redeploy in second one. But if db01 fails we neeed to fix it
<@nhanlon:beeper.com>
14:36:26
dedicated sql feels good. redeploying/DR needs more testing, IMO
<@gwmngilfen:fedora.im>
14:36:38
i'm guessing there's a point at which scale becomes a problem, and a bare-metal db is better... but in general I would agree with jednorozec
<@nhanlon:beeper.com>
14:36:54
(6) It is easier to move a problem around (for example, by moving
<@nhanlon:beeper.com>
14:36:54
RFC1925:
<@nhanlon:beeper.com>
14:36:54
<@nhanlon:beeper.com>
14:36:54
the problem to a different part of the overall network
<@nhanlon:beeper.com>
14:36:54
architecture) than it is to solve it.
<@ryanlerch:fedora.im>
14:37:09
yeah, as long as the rest of fedora-infra knows about this and happy to go along with it (im not a sysadmin FYI)
<@humaton:fedora.im>
14:37:28
oh sure, we want koji to use db01, we can test if its enough for our purpose. If its not we can always migrate to the bare metal setup.
<@gwmngilfen:fedora.im>
14:38:07
yep. let me ask around and get a feel for how the psql experts think about dbs-in-containers and then we can loop in the other sysadmins for input
<@humaton:fedora.im>
14:39:03
!topic Staging deployment
<@humaton:fedora.im>
14:39:05
!link https://pagure.io/fedora-infra/forgejo-deployment/issue/2
<@dkirwan:fedora.im>
14:39:57
o/ have the upstream forgejo deployed in staging, not ready to share access more widely, have to harden a few things, disable logins, hook into FAS for auth etc.
<@t0xic0der:fedora.im>
14:41:00
!hii
<@t0xic0der:fedora.im>
14:41:13
Sorry, I am late
<@t0xic0der:fedora.im>
14:41:20
!hi
<@zodbot:fedora.im>
14:41:21
Akashdeep Dhar (t0xic0der) - he / him / his
<@Zlopez:matrix.org>
14:41:26
@dkirwan:fedora.im Let me know if you need something regarding FAS, I integrated plenty of projects now, so I know a thing or two :-)
<@zodbot:fedora.im>
14:42:09
neil gave a cookie to dkirwan. They now have 12 cookies, 4 of which were obtained in the Fedora 41 release cycle
<@humaton:fedora.im>
14:42:15
there is alsi gita docs mention about freeIPA and ldap https://docs.gitea.com/usage/authentication#freeipa
<@dkirwan:fedora.im>
14:42:25
Think we can reuse the ipsilon config from last time? when we had it running in communishift, just need to configure the forgejo side
<@Zlopez:matrix.org>
14:43:13
@dkirwan:fedora.im That should work, but we need to update the redirect URIs in the ipsilon entry
<@humaton:fedora.im>
14:43:18
it would be amazing if we can also sync groups and membership without external service
<@ryanlerch:fedora.im>
14:43:22
yeah, IIRC it was pretty simple to set up when i did it
<@gwmngilfen:fedora.im>
14:44:12
btw a Matrix admin for #fedora-space:fedoraproject.org should probably add #fedora-forgejo:fedora.im to the space ...
<@t0xic0der:fedora.im>
14:44:12
Also the exporting side of things - Not sure if that has been brought up just yet
<@ryanlerch:fedora.im>
14:44:16
jednorozec: IIRC it did have it set up to pull the groups down from the OIDC scopes, and it was applying that to permissions too
<@Zlopez:matrix.org>
14:44:29
@humaton:fedora.im FreeIPA can provide it on login, but it depends if forgejo can work with the information
<@Zlopez:matrix.org>
14:44:44
It just about settings the right scopes for OIDC
<@Zlopez:matrix.org>
14:45:09
@ryanlerch:fedora.im answered the question :-D
<@nhanlon:beeper.com>
14:45:11
I believe it can--I think we're doing that w/ git.resf.org right now
<@ryanlerch:fedora.im>
14:45:44
Zlopez: yeah it was a POC when i did it, but it was giving admin to all sysadmin-main people at one point
<@humaton:fedora.im>
14:45:53
so
<@humaton:fedora.im>
14:45:58
talking about the deployment
<@humaton:fedora.im>
14:46:28
David Kirwan: is it deployed from forgejo-helm or fedora/forgejo-helm?
<@ryanlerch:fedora.im>
14:46:39
David Kirwan: yeah you should be able to reuse the keys i added to the secrets repo no worries yes.
<@dkirwan:fedora.im>
14:46:43
forgejo-helm, the upstream
<@humaton:fedora.im>
14:46:44
can you comment in the ticket what are you trying out?
<@dkirwan:fedora.im>
14:47:17
yeah will do, just looking at passing in config that can disable registration etc as part of the deploy
<@humaton:fedora.im>
14:48:04
so we have time for one more I would like your attention on
<@humaton:fedora.im>
14:48:21
!topic OCI images
<@humaton:fedora.im>
14:48:24
!link https://pagure.io/fedora-infra/forgejo-deployment/issue/1
<@humaton:fedora.im>
14:49:03
So since for now we are going with the helm deployment we need to supply it our own images before we are able to promote it to production
<@humaton:fedora.im>
14:50:05
lenkaseg is playing with the fedora based container build but we will need more
<@humaton:fedora.im>
14:50:24
lenkaseg is playing with the forgejo fedora based container build but we will need more
<@lenkaseg:fedora.im>
14:50:47
yep, using fedora:rawhide as a base image, now making it buildah compatible :)
<@humaton:fedora.im>
14:50:51
lenkaseg: how is Konflux on you?
<@humaton:fedora.im>
14:51:11
I find the UX somewhat not finished yet
<@lenkaseg:fedora.im>
14:51:22
builds locally with buildah, but from the last run ~hour ago I see in konflux it still fails on something...
<@lenkaseg:fedora.im>
14:52:32
jednorozec: you explained a lot the other day! still looking around, but at least I can follow some basics :)
<@lenkaseg:fedora.im>
14:53:27
Want to study the tekton pipelines a bit deeper...
<@humaton:fedora.im>
14:53:48
as always any help is appreciated, containerization is not really strong skill in CLE, yet!
<@lenkaseg:fedora.im>
14:54:21
There was actually one thing I wanted to ask about, regarding the mirrors
<@humaton:fedora.im>
14:54:41
!topic Open floor
<@humaton:fedora.im>
14:54:48
Ideal place to do so lenkaseg
<@lenkaseg:fedora.im>
14:55:52
Ok, so we have a repo on codeberg.org with the oci-images that mirrors to the github repo from which it's picked up by konflux
<@lenkaseg:fedora.im>
14:57:06
I was wondering, if we could reverse the mirror, to be able to make the PRs on the github side
<@lenkaseg:fedora.im>
14:57:35
since there is that thing that makes a build from a PR there, would maybe spare us from merging?
<@humaton:fedora.im>
14:57:51
you are giving up your freedoms and freedoms of all your contributors by using github https://sfconservancy.org/GiveUpGitHub/
<@lenkaseg:fedora.im>
14:57:59
(not sure if I'm explaining myself well)
<@humaton:fedora.im>
14:58:25
we will just drop the mirror eventually when forgej gets supported
<@nphilipp:fedora.im>
14:58:47
jednorozec: I take it you’d prefer if we pointed Konflux at the repo on codeberg?
<@humaton:fedora.im>
14:59:14
we can discuss it in the #fedora-forgejo:fedora.im chanell
<@lenkaseg:fedora.im>
14:59:22
konflux can support codeberg?
<@humaton:fedora.im>
14:59:26
!endmeeting