Fedora Project migration to GitLab
Fedora Project | Migration Tracker
This currently a Work In Progress issue :-)
dist-git is a solution used by the Fedora and CentOS project to manage the collections of components released by these projects in git. The solution is composed of the following:
- git repository
- look a side cache (contains project source tar ball)
- scripts to manage git repo + look a side cache
We would like to investigate GitLab to provide an interface for Fedora's dist-git.
- Timeline. - TBD
- Product. - GitLab Community Edition
Current Tooling and Replacements
Authentication & Authorization
Cloning a repository
Currently anyone is allowed to clone a repository using https.
Pushing changes to a repository
Different type of users can push changes to a repository.
The most common case is the maintainer of the repository. To be able to maintain a repository a community member needs to be a member of the
packager group in the Fedora Account System (FAS).
Being a member of that group allows to clone and push changes to repository using the ssh protocol.
Packager SSH keys are configured in the Fedora Account System and synced on the dist-git server.
A packager can be a project maintainer (access to the project settings) or project co-maintainer (commit access only).
Members of the provenpackager group have commit access to all the projects (except 2 projects for legal reasons), they are trusted to perform mass changes. provenpackager are not listed in each project as members and they won't get notifications for all projects.
Members of the releng group are allowed to commit on all the projects with no exceptions.
Special Interest Group
This is a group of community members that are working together on a collection of package. Access is managed a the group level.
Login to the web service
Community members are using Single Sign On (SSO) provided by either Fedora Account System or CentOS Account System. This is using OpenID Connect.
- We need help to best design how to organize the groups and premission in GitLab.
Git actions and performances
Number of repositories
Container namespace : 75
Flatpaks namespace: 87
Modules namespace: 185
Tests namespace: 17
Rpms namespace: 30169
~ 30,000 repositories
Commits pushed over 1 month
Average ~10,000 commits per months
20,000 commits 1 one week from the same user, happens twice a year.
We are using branches to track a specific version of a release, for example the f32 branch is used to maintain the Fedora 32 release. These branches are automatically created to the repositories when starting to work on a new version.
'refs/heads/f[0-9]+', 'refs/tags/.', 'refs/heads/master', 'refs/heads/.' needs to be protected and only an admin user should be able to create these branches.
No branches can ever be deleted, except by Admin user. Branch commit access can be configure per maintainer, ie maintainer A can commit to branch f[0-9]+ but not to branch epel8, maintainer B can commit to branch epel8 but not to branch f[0-9]+.
Ideally we can hide or archive old branches, for example f28 was EOL (End of life) more than 1 year ago, so we don't need to display it.
Admin user are the only one allowed to create projects. Similarely only Admin can delete a project.
Git seed and Tarball
We're currently shipping a daily bundle of all the git repo to make it easier to download for people with low bandwith. We're currently shipping a daily tarball of all the spec files in all the git repository to make it easier for people to analyze and make stats of them.
This is currently done by scripts, we have to know if we can run such scripts against an hosted instance.
Special API endpoint
We need a single place where we can retrieve the list of people and group that should be CC'ed on tickets in bugzilla for all the projects hosted.
This is to avoid having to do 20k+ requests just to gather this information.
We currently have a single json document generated on a regular basis from the database.
Important but not urgent
Custom fields --> #1906
We want to leverage the Badges feature to offer links to other services. In the current state we would have to configure the badges for 30,000+ projects. Having #22278 would allow us to do that configuration at a group level.
Nice to have
- [ ]