Page MenuHomePhabricator
Create Task
Maniphest T321597

Mirror repositories hosted on our GitLab to GitHub
Open, Needs TriagePublicFeature
Actions

Description

In T317820#8340198, @bd808 wrote:
In T317820#8333057, @hashar wrote:

For repositories hosted on our GitLab, I am not sure we need to replicate them back to GitHub since https://gitlab.wikimedia.org/repos/releng/blubber seems to give a good exposure to the world wide web. If somehow a repository requires replication to GitHub for running 3rd party integrations, that is to be determinated.

I think this assumption is worth a more public discussion for repos other than Blubber. GitLab supports push mirroring. Having a consolidated view of commit activity across many Wikimedia related git repos visible on a user's GitLab profile is actually a benefit for those members of our community who take advantage of it. GitHub mirrors for MediaWiki repos have long been advertised via Extension detail pages among other locations. Composer package updates are currently automated using GitHub hooks. The community might decide that we no longer want to be associated with GitHub, but until that is the case I think it is reasonably easy to continue to mirror repos to GitHub after they have been moved from Gerrit to our local GitLab.

Related Objects

Event Timeline

bd808 created this task.Oct 25 2022, 4:56 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 25 2022, 4:56 PM
bd808 changed the subtype of this task from "Task" to "Feature Request".Oct 25 2022, 4:56 PM
bd808 added a subscriber: brennen.
In T317820#8340204, @brennen wrote:

It's also likely to be true that people care about seeing their contributions mirrored to GitHub for reputational / career / social standing purposes, since evidence of participation there is treated as the de facto real-world proxy for having done open source work in a bunch of contexts.

I don't like this state of affairs, but it's worth acknowledging that people may have reasons to care.

bd808 added subscribers: thcipriani, dduvall.Oct 25 2022, 4:56 PM
In T317820#8342476, @thcipriani wrote:
In T317820#8333031, @dduvall wrote:

I would think it would be on a repo by repo basis in the settings. Who has access to the wikimedia GitHub org? Seems like someone on our team should since we're the Gerrit/GitLab folks at WMF.

FWIW, it is not on a repo-by-repo basis. Gerrit actively pushes (see replication settings for gerrit in puppet.

Also, 🎉 you're now an owner in the GitHub org.

+1 for keeping mirroring to GitHub.

We don't have mirrors for every repo on Gerrit. There was one manual step to mirroring—the repository had to be manually created in GitHub first. After that, mirroring worked automagically.

There are two problems with mirroring from GitLab:

  1. How to do it
  2. How to stop Gerrit from doing it: does archiving a repo in Gerrit mean it's still mirrored from Gerrit to GitHub if the GitHub repo exists? If that's the case: can we modify replication settings to stop it?
taavi added a project: Wikimedia-GitHub.Oct 25 2022, 4:57 PM
bd808 mentioned this in T317820: Archive the Blubber gerrit repo.Oct 25 2022, 4:57 PM
brennen edited projects, added GitLab (Integrations), Release-Engineering-Team; removed GitLab.Oct 25 2022, 4:58 PM
bd808 added a comment.Oct 25 2022, 5:11 PM

Having the ability to inherit project config from the parent project (https://gitlab.com/gitlab-org/gitlab/-/issues/28593) would make operations like this easier to setup for large swaths of our hosted repos.

hashar added a comment.Nov 4 2022, 4:17 PM

How to stop Gerrit from doing it: does archiving a repo in Gerrit mean it's still mirrored from Gerrit to GitHub if the GitHub repo exists? If that's the case: can we modify replication settings to stop it?

In Gerrit, the GitHub replica is configured with a group which is granted the read permission:

hieradata/role/common/gerrit.yaml
profile::gerrit::replication:
    github:
        url: 'git@github.com:wikimedia/${name}'
        authGroup: 'mediawiki-replication'
        mirror: false
        push:
            - '+refs/heads/*:refs/heads/*'
            - '+refs/tags/*:refs/tags/*'
...

From replication plugin config doc:

**remote.NAME.authGroup
Specifies the name of a group that the remote should use to access the repositories. ...
In the project administration web interface the read access can be specified for this group to control if a project should be replicated or not to the remote.

The permission is granted in https://gerrit.wikimedia.org/r/admin/repos/All-Projects,access which ALLOW the Read permission on refs/*. Thus all projects should depend on it and thus are replicated.

When archiving a repository (via Projects-Cleanup), we simply update the description to prefix it with [ARCHIVED] and mark the repository Read-only. It is still replicated though. We would need to reparent it from All-Projects to a new All-Archived-Projects which would BLOCK or DENY the Read permission to mediawiki-replication group.

thcipriani edited projects, added Release-Engineering-Team (Priority Backlog 📥); removed Release-Engineering-Team.Jan 23 2023, 9:24 PM
Jdforrester-WMF mentioned this in T332953: Migrate PipelineLib repos to GitLab.Apr 27 2023, 1:31 PM
Peachey88 moved this task from Backlog to config on the Wikimedia-GitHub board.May 19 2023, 9:02 PM
hashar mentioned this in T268196: Figure out the future of codesearch in a GitLab world.Jun 12 2023, 8:29 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits