2025-02-12 14:00:08 <@humaton:fedora.im> !startmeeting Git Forge Meeting
2025-02-12 14:00:10 <@meetbot:fedora.im> Meeting started at 2025-02-12 14:00:08 UTC
2025-02-12 14:00:10 <@meetbot:fedora.im> The Meeting name is 'Git Forge Meeting'
2025-02-12 14:00:13 <@humaton:fedora.im> !info this is meeting about the Fedora git forge replacement
2025-02-12 14:00:20 <@humaton:fedora.im> !topic init
2025-02-12 14:00:30 <@smilner:fedora.im> !hi
2025-02-12 14:00:32 <@zodbot:fedora.im> None (smilner)
2025-02-12 14:00:38 <@lenkaseg:fedora.im> !hi
2025-02-12 14:00:39 <@zodbot:fedora.im> Lenka Segura (lenkaseg)
2025-02-12 14:00:55 <@nphilipp:fedora.im> !hi
2025-02-12 14:00:57 <@zodbot:fedora.im> Nils Philippsen (nphilipp) - he / him / his
2025-02-12 14:02:16 <@Zlopez:matrix.org> !hi
2025-02-12 14:02:18 <@zodbot:fedora.im> Michal Konecny (zlopez)
2025-02-12 14:02:30 <@gwmngilfen:fedora.im> !hi
2025-02-12 14:02:33 <@zodbot:fedora.im> Greg Sutcliffe (gwmngilfen) - he / him / his
2025-02-12 14:03:01 <@jbley:fedora.im> helloooooooooo
2025-02-12 14:03:39 <@jbley:fedora.im> rise and shine everyone
2025-02-12 14:04:18 <@ryanlerch:fedora.im> !hi
2025-02-12 14:04:34 <@zodbot:fedora.im> Ryan Lerch (ryanlerch) - he / him / his
2025-02-12 14:06:07 <@dherrera:fedora.im> !hi
2025-02-12 14:06:09 <@zodbot:fedora.im> Diego Herrera (dherrera) - he / him / his
2025-02-12 14:06:20 <@gwmngilfen:fedora.im> oh, good idea, /me stands for a bit
2025-02-12 14:06:36 <@humaton:fedora.im> !topic ryanlerch taking leadership of this initiative.
2025-02-12 14:07:03 <@humaton:fedora.im> Soi ts time to give this initiative some formal grounds. 
2025-02-12 14:08:46 <@nhanlon:beeper.com> !hi
2025-02-12 14:08:47 <@humaton:fedora.im> we have 2 way to approach this. One is to create infrastructure initiative in our tracker, but that seems not enough. So we should sit down and write proposal for https://docs.fedoraproject.org/en-US/project/initiatives/
2025-02-12 14:08:48 <@zodbot:fedora.im> Neil Hanlon (neil) - he / him / his
2025-02-12 14:09:07 <@humaton:fedora.im> WDYT?
2025-02-12 14:09:48 <@amoloney:fedora.im> I'm +1 to community initiative 
2025-02-12 14:09:55 <@smilner:fedora.im> Is that the current process for initiatives?
2025-02-12 14:10:05 <@smilner:fedora.im> _reading it now_
2025-02-12 14:10:12 <@amoloney:fedora.im> The council is going to be updating this process to improve it, and this work fits here
2025-02-12 14:10:41 <@jbley:fedora.im> +1
2025-02-12 14:10:47 <@Zlopez:matrix.org> +1
2025-02-12 14:10:49 <@dherrera:fedora.im> +1
2025-02-12 14:10:57 <@amoloney:fedora.im> The process is a little vague unfortunately as it is, we have a number of improvements to make to the overall framework, but this should be an initiative 
2025-02-12 14:11:02 <@smilner:fedora.im> OK, just making sure it was the same as what we did in https://fedoraproject.org/wiki/CPE_Infrastructure_Projects  ... +1
2025-02-12 14:11:24 <@ryanlerch:fedora.im> I am still getting my ducks in a row with all this, but i will re-focus with the communoity inititive as the starting polnt
2025-02-12 14:12:02 <@amoloney:fedora.im> Slightly different, but there's good overlap 
2025-02-12 14:12:06 <@amoloney:fedora.im> The infrastructure initiative process should fit within the overall community one
2025-02-12 14:12:59 <@humaton:fedora.im> !action /me and ryanlerch will write down initiative proposal draft for next meeting 
2025-02-12 14:13:34 <@amoloney:fedora.im> The community one is more over-arching, the infra initiatives are more a prioritization aid afaik
2025-02-12 14:14:13 <@smilner:fedora.im> And visibility, but that is true. It's meant to give priority to community efforts 👍️
2025-02-12 14:14:27 <@humaton:fedora.im> yes, but we should make as much noises we can also because we will be sun-setting pagure.io as a part of this.
2025-02-12 14:14:50 <@amoloney:fedora.im> ryanlerch: jednorozec: I've been offered as tribute for this work to act as council exec sponsor to the initiative. This is being redefined as providing the initiative with a person to help out with program mgmt
2025-02-12 14:15:10 <@abompard:fedora.im> !hi*
2025-02-12 14:15:17 <@abompard:fedora.im> !hi
2025-02-12 14:15:19 <@zodbot:fedora.im> Aurélien Bompard (abompard) - he / him / his
2025-02-12 14:15:27 <@amoloney:fedora.im> Not leader, aid(er) in the communications, status reporting to council, etc
2025-02-12 14:16:03 <@jbley:fedora.im> jednorozec: agree. We need clear comms and a transparent path/plan incl timelines (even if it's just estimates) to ensure everyone understands the path forward
2025-02-12 14:16:53 <@ryanlerch:fedora.im> Also, one other thing i have had trouble tracking down (especially from my weird timezone), is who is acutally working on / wants to work on this as an inititive. if you are here, can you drop a quick note in the new room ( https://matrix.to/#/#fedora-forgejo:fedora.im )
2025-02-12 14:17:50 <@humaton:fedora.im> ok let move on to next topic
2025-02-12 14:18:15 <@humaton:fedora.im> !topic Forgejo want to know how are we doing
2025-02-12 14:18:18 <@humaton:fedora.im> !link https://codeberg.org/forgejo-contrib/moving-to-forgejo/issues
2025-02-12 14:18:47 <@humaton:fedora.im> There are 2 tickets opened by me, about both of our migration cases pagure.io and distgit
2025-02-12 14:19:03 <@humaton:fedora.im> I need to update the contents of the tickets bit more
2025-02-12 14:19:22 <@humaton:fedora.im> Link our user stories and previous ARC work on distgit replacement
2025-02-12 14:19:41 <@Zlopez:matrix.org> I assume that should be visible in https://pagure.io/fedora-infra/forgejo-deployment/issues
2025-02-12 14:21:20 <@humaton:fedora.im> moving on
2025-02-12 14:21:23 <@humaton:fedora.im> !topic Tickets and Updates
2025-02-12 14:21:33 <@humaton:fedora.im> !link https://pagure.io/fedora-infra/forgejo-deployment/issues
2025-02-12 14:21:33 <@humaton:fedora.im> !info go over tickets and updates
2025-02-12 14:21:33 <@humaton:fedora.im> 
2025-02-12 14:21:48 <@humaton:fedora.im> so
2025-02-12 14:22:01 <@humaton:fedora.im> getting back to ryanlerch note about who works on what
2025-02-12 14:22:23 <@humaton:fedora.im> I think lenkaseg and Yaash are the two people who does not own a ticket
2025-02-12 14:22:27 <@humaton:fedora.im> let me change that
2025-02-12 14:23:39 <@gwmngilfen:fedora.im> i'm interested in Forgejo but at this point it feels like we already have a *lot* of people working on this, so I'm going to lurk and continue getting to understand our infra layout from other angles. But do ping me if I can help with something.
2025-02-12 14:24:18 <@nhanlon:beeper.com> (same)
2025-02-12 14:25:05 <@humaton:fedora.im> well I can always appreciate sysadmins takes on how to solve storage of things, backups... 
2025-02-12 14:25:52 <@ryanlerch:fedora.im> thanks Gwmngilfen and Neil Hanlon this is perfect information -- just so i can document it and we can know where we stand with people that are actively working on the project, and or willing to jump in on specific tasks
2025-02-12 14:27:50 <@humaton:fedora.im> Is there anyone here who does not have a ticket assigned and would like to get one? We need to find out how to approach PostgreSQL 
2025-02-12 14:28:15 <@gwmngilfen:fedora.im> what do we need from PostgreSQL?
2025-02-12 14:29:18 <@gwmngilfen:fedora.im> is that just #6 or is there more context?
2025-02-12 14:29:47 <@humaton:fedora.im> So kontext it the current staging deployment
2025-02-12 14:30:01 <@humaton:fedora.im> that is running forgejo-helm with https://code.forgejo.org/forgejo-helm/forgejo-helm#postgresql-ha
2025-02-12 14:30:20 <@humaton:fedora.im> 2 replicas and one controller I think
2025-02-12 14:30:52 <@humaton:fedora.im> It this the approach we want to use? 
2025-02-12 14:31:44 <@humaton:fedora.im> Is there RH based psql deployment we can use? like operator by RH or something?
2025-02-12 14:32:06 <@humaton:fedora.im> I would like us to avoid just pluging it into our current psql setup
2025-02-12 14:32:25 <@humaton:fedora.im> its single point of failure of too many services already...
2025-02-12 14:32:33 <@gwmngilfen:fedora.im> possibly? I'm no expert here, but I lurk in our internal psql Slack channel, I can ask around if no one else has better ideas
2025-02-12 14:32:52 <@humaton:fedora.im> Can you write down what you find out in the ticket?
2025-02-12 14:33:13 <@ryanlerch:fedora.im> jednorozec: soi you dont want to use the db01 setup that everything else does?
2025-02-12 14:33:28 <@humaton:fedora.im> ryanlerch: nope
2025-02-12 14:33:52 <@humaton:fedora.im> Every time we do something masive, rebuild branching what have you
2025-02-12 14:34:00 <@gwmngilfen:fedora.im> jednorozec: sure, I can put that in #6?
2025-02-12 14:34:18 <@humaton:fedora.im> yes
2025-02-12 14:34:58 <@gwmngilfen:fedora.im> i'm a fan of separate db containers for each project, so that it exists as a single chart / compose / operator. But I'll see what #psql says
2025-02-12 14:35:30 <@humaton:fedora.im> So my simpleton thinking is, the openshift cluster goes down we will just redeploy in second ona. Bud if db01 fails we neeed to fix it
2025-02-12 14:35:52 <@humaton:fedora.im> So my simpleton thinking is, the openshift cluster goes down we will just redeploy in second one. But if db01 fails we neeed to fix it
2025-02-12 14:36:26 <@nhanlon:beeper.com> dedicated sql feels good. redeploying/DR needs more testing, IMO
2025-02-12 14:36:38 <@gwmngilfen:fedora.im> i'm guessing there's a point at which scale becomes a problem, and a bare-metal db is better... but in general I would agree with jednorozec 
2025-02-12 14:36:54 <@nhanlon:beeper.com> (6)  It is easier to move a problem around (for example, by moving
2025-02-12 14:36:54 <@nhanlon:beeper.com> RFC1925:
2025-02-12 14:36:54 <@nhanlon:beeper.com> 
2025-02-12 14:36:54 <@nhanlon:beeper.com>         the problem to a different part of the overall network
2025-02-12 14:36:54 <@nhanlon:beeper.com>         architecture) than it is to solve it.
2025-02-12 14:37:09 <@ryanlerch:fedora.im> yeah, as long as the rest of fedora-infra knows about this and happy to go along with it (im not a sysadmin FYI)
2025-02-12 14:37:28 <@humaton:fedora.im> oh sure, we want koji to use db01, we can test if its enough for our purpose. If its not we can always migrate to the bare metal setup.
2025-02-12 14:38:07 <@gwmngilfen:fedora.im> yep. let me ask around and get a feel for how the psql experts think about dbs-in-containers and then we can loop in the other sysadmins for input
2025-02-12 14:39:03 <@humaton:fedora.im> !topic Staging deployment
2025-02-12 14:39:05 <@humaton:fedora.im> !link https://pagure.io/fedora-infra/forgejo-deployment/issue/2
2025-02-12 14:39:57 <@dkirwan:fedora.im> o/ have the upstream forgejo deployed in staging, not ready to share access more widely, have to harden a few things, disable logins, hook into FAS for auth etc.
2025-02-12 14:41:00 <@t0xic0der:fedora.im> !hii 
2025-02-12 14:41:13 <@t0xic0der:fedora.im> Sorry, I am late 
2025-02-12 14:41:20 <@t0xic0der:fedora.im> !hi
2025-02-12 14:41:21 <@zodbot:fedora.im> Akashdeep Dhar (t0xic0der) - he / him / his
2025-02-12 14:41:26 <@Zlopez:matrix.org> @dkirwan:fedora.im Let me know if you need something regarding FAS, I integrated plenty of projects now, so I know a thing or two :-)
2025-02-12 14:42:09 <@zodbot:fedora.im> neil gave a cookie to dkirwan. They now have 12 cookies, 4 of which were obtained in the Fedora 41 release cycle
2025-02-12 14:42:15 <@humaton:fedora.im> there is alsi gita docs mention about freeIPA and ldap https://docs.gitea.com/usage/authentication#freeipa
2025-02-12 14:42:25 <@dkirwan:fedora.im> Think we can reuse the ipsilon config from last time? when we had it running in communishift, just need to configure the forgejo side
2025-02-12 14:43:13 <@Zlopez:matrix.org> @dkirwan:fedora.im That should work, but we need to update the redirect URIs in the ipsilon entry
2025-02-12 14:43:18 <@humaton:fedora.im> it would be amazing if we can also sync groups and membership without external service
2025-02-12 14:43:22 <@ryanlerch:fedora.im> yeah, IIRC it was pretty simple to set up when i did it
2025-02-12 14:44:12 <@gwmngilfen:fedora.im> btw a Matrix admin for #fedora-space:fedoraproject.org should probably add #fedora-forgejo:fedora.im to the space ...
2025-02-12 14:44:12 <@t0xic0der:fedora.im> Also the exporting side of things - Not sure if that has been brought up just yet
2025-02-12 14:44:16 <@ryanlerch:fedora.im> jednorozec: IIRC it did have it set up to pull the groups down from the OIDC scopes, and it was applying that to permissions too
2025-02-12 14:44:29 <@Zlopez:matrix.org> @humaton:fedora.im FreeIPA can provide it on login, but it depends if forgejo can work with the information
2025-02-12 14:44:44 <@Zlopez:matrix.org> It just about settings the right scopes for OIDC
2025-02-12 14:45:09 <@Zlopez:matrix.org> @ryanlerch:fedora.im answered the question :-D
2025-02-12 14:45:11 <@nhanlon:beeper.com> I believe it can--I think we're doing that w/ git.resf.org right now
2025-02-12 14:45:44 <@ryanlerch:fedora.im> Zlopez: yeah it was a POC when i did it, but it was giving admin to all sysadmin-main people at one point
2025-02-12 14:45:53 <@humaton:fedora.im> so
2025-02-12 14:45:58 <@humaton:fedora.im> talking about the deployment
2025-02-12 14:46:28 <@humaton:fedora.im> David Kirwan: is it deployed from forgejo-helm or fedora/forgejo-helm?
2025-02-12 14:46:39 <@ryanlerch:fedora.im> David Kirwan: yeah you should be able to reuse the keys i added to the secrets repo no worries yes.
2025-02-12 14:46:43 <@dkirwan:fedora.im> forgejo-helm, the upstream
2025-02-12 14:46:44 <@humaton:fedora.im> can you comment in the ticket what are you trying out?
2025-02-12 14:47:17 <@dkirwan:fedora.im> yeah will do, just looking at passing in config that can disable registration etc as part of the deploy
2025-02-12 14:48:04 <@humaton:fedora.im> so we have time for one more I would like your attention on
2025-02-12 14:48:21 <@humaton:fedora.im> !topic OCI images
2025-02-12 14:48:24 <@humaton:fedora.im> !link https://pagure.io/fedora-infra/forgejo-deployment/issue/1
2025-02-12 14:49:03 <@humaton:fedora.im> So since for now we are going with the helm deployment we need to supply it our own images before we are able to promote it to production
2025-02-12 14:50:05 <@humaton:fedora.im> lenkaseg is playing with the fedora based container build but we will need more
2025-02-12 14:50:24 <@humaton:fedora.im> lenkaseg is playing with the forgejo fedora based container build but we will need more
2025-02-12 14:50:47 <@lenkaseg:fedora.im> yep, using fedora:rawhide as a base image, now making it buildah compatible :)
2025-02-12 14:50:51 <@humaton:fedora.im> lenkaseg: how is Konflux on you?
2025-02-12 14:51:11 <@humaton:fedora.im> I find the UX somewhat not finished yet
2025-02-12 14:51:22 <@lenkaseg:fedora.im> builds locally with buildah, but from the last run ~hour ago I see in konflux it still fails on something...
2025-02-12 14:52:32 <@lenkaseg:fedora.im> jednorozec: you explained a lot the other day! still looking around, but at least I can follow some basics :)
2025-02-12 14:53:27 <@lenkaseg:fedora.im> Want to study the tekton pipelines a bit deeper...
2025-02-12 14:53:48 <@humaton:fedora.im> as always any help is appreciated, containerization is not really strong skill in CLE, yet! 
2025-02-12 14:54:21 <@lenkaseg:fedora.im> There was actually one thing I wanted to ask about, regarding the mirrors
2025-02-12 14:54:41 <@humaton:fedora.im> !topic Open floor
2025-02-12 14:54:48 <@humaton:fedora.im> Ideal place to do so lenkaseg 
2025-02-12 14:55:52 <@lenkaseg:fedora.im> Ok, so we have a repo on codeberg.org with the oci-images that mirrors to the github repo from which it's picked up by konflux
2025-02-12 14:57:06 <@lenkaseg:fedora.im> I was wondering, if we could reverse the mirror, to be able to make the PRs on the github side
2025-02-12 14:57:35 <@lenkaseg:fedora.im> since there is that thing that makes a build from a PR there, would maybe spare us from merging?
2025-02-12 14:57:51 <@humaton:fedora.im> you are giving up your freedoms and freedoms of all your contributors by using github https://sfconservancy.org/GiveUpGitHub/
2025-02-12 14:57:59 <@lenkaseg:fedora.im> (not sure if I'm explaining myself well)
2025-02-12 14:58:25 <@humaton:fedora.im> we will just drop the mirror eventually when forgej gets supported
2025-02-12 14:58:47 <@nphilipp:fedora.im> jednorozec: I take it you’d prefer if we pointed Konflux at the repo on codeberg?
2025-02-12 14:59:14 <@humaton:fedora.im> we can discuss it in the #fedora-forgejo:fedora.im  chanell
2025-02-12 14:59:22 <@lenkaseg:fedora.im> konflux can support codeberg?
2025-02-12 14:59:26 <@humaton:fedora.im> !endmeeting