Monitoring forge features and its impact on forge federation

dachary commented

2024-02-14 10:48:38 +00:00

Member

@natct and myself will start monitoring forge features in the context of the F3 project. Our goal is to figure out how to represent those features for data portability purposes.

I also think it matters for the long term strategy of Forgejo.

Forgejo is an underdog compared to GitLab and GitHub as they ship an order of magnitude more features (see GitHub roadmap and GitLab release announcements). But Forgejo does not try to compete on that level. Instead it focuses on implementing Forge federation which will eventually make centralized forges such as GitHub a thing of the past.

However, forge federation can happen effectively if the features that matter to a given forge user can be communicated to another forge. Either via a Forgefed message or via a F3 archive. And, as can be expected, proprietary forges such as GitHub will do their utmost to lock users in by making them addicted to new features that cannot be found elsewhere. The latest of which being copilot, but it is not an isolated example.

Here are two feature examples and how they relate to federation:

no impact on federation: dependabot is bound to GitHub but is an external tool. It is however integrated in the UI. Forgejo can rely on Renovate instead but does not have a UI integration.
impact on federation: agit flow as implemented and documented in Forgejo means that pull requests are represented differently internally (refs/for/... instead refs/pull/...) which requires transformation when converting from and to GitHub because it does not support this workflow.

In other words, when a new feature is released, its impact on forge federation can be evaluated and the strategy modified accordingly, if needed.

@jerger @pere @earl-warren @oelmekki since you are actively involved in forge federation (not necessarily in Forgejo), do you think this monitoring of forge features is a useful thing to have?

@natct and myself will start monitoring [forge features](https://forum.forgefriends.org/t/monitoring-forge-features/1015) in the context of the [F3 project](https://f3.forgefriends.org/). Our goal is to figure out how to represent those features for data portability purposes. I also think it matters for the long term strategy of Forgejo. Forgejo is an underdog compared to GitLab and GitHub as they ship an order of magnitude more features (see [GitHub](https://github.com/orgs/github/projects/4247/views/1?filterQuery=is%3Aclosed+-status%3A%22Q4+2022+%E2%80%93+Oct-Dec%22%2C%22Q2+2023+%E2%80%93+Apr-Jun%22) roadmap and [GitLab](https://gitlab.com/gitlab-org/gitlab/-/releases) release announcements). But Forgejo does not try to compete on that level. Instead it focuses on implementing Forge federation which will eventually make centralized forges such as GitHub a thing of the past. However, forge federation can happen effectively if the features that matter to a given forge user can be communicated to another forge. Either via a Forgefed message or via a F3 archive. And, as can be expected, proprietary forges such as GitHub will do their utmost to lock users in by making them addicted to new features that cannot be found elsewhere. The latest of which being copilot, but it is not an isolated example. Here are two feature examples and how they relate to federation: * **no impact on federation**: dependabot is bound to GitHub but is an external tool. It is however integrated in the UI. Forgejo can rely on Renovate instead but does not have a UI integration. * **impact on federation**: [agit flow](https://git-repo.info/en/2020/03/agit-flow-and-git-repo/) as implemented and [documented in Forgejo](https://forgejo.org/docs/v1.21/user/agit-support/) means that pull requests are represented differently internally (refs/for/... instead refs/pull/...) which requires transformation when converting from and to GitHub because it does not support this workflow. In other words, **when a new feature is released, its impact on forge federation can be evaluated and the strategy modified accordingly**, if needed. @jerger @pere @earl-warren @oelmekki since you are actively involved in forge federation (not necessarily in Forgejo), do you think this monitoring of forge features is a useful thing to have?

jerger commented

2024-02-14 16:27:21 +00:00

Member

Monitoring or at least listing forge features is a valuable work anyhow, I think.

If monitoring features mean, we should collect requirements before designing lets say "federated fork" or "federated PR" this might be wise :-).

If there are flows like agit flow, git flow, trunk-based-development and more (see https://www.gitkraken.com/blog/trunk-based-development#git-branching-strategies) we should collect them and ensure they will also work in case of federation.

Monitoring or at least listing forge features is a valuable work anyhow, I think. If monitoring features mean, we should collect requirements before designing lets say "federated fork" or "federated PR" this might be wise :-). If there are flows like agit flow, git flow, trunk-based-development and more (see https://www.gitkraken.com/blog/trunk-based-development#git-branching-strategies) we should collect them and ensure they will also work in case of federation.

👍 2

oelmekki commented

2024-02-14 18:14:50 +00:00

Are there other forges that you know of than Forgejo and GitLab working on this currently? I didn't get if the reference implementation on the ForgeFed site is a demo or something actually used in production.

Maybe at some point we'll need a forum similar to the one from activiypub.rocks (or even use their one in a community dedicated to ForgeFed) if we want to keep other projects posted and not requiring them to keep track of all others, or if we want to discuss all in the same place.

Edit: actually, I see there is such category already. Maybe we should start posting there. 😅

Are there other forges that you know of than Forgejo and GitLab working on this currently? I didn't get if the reference implementation on the ForgeFed site is a demo or something actually used in production. Maybe at some point we'll need a forum similar to the one from activiypub.rocks (or even use their one in a community dedicated to ForgeFed) if we want to keep other projects posted and not requiring them to keep track of all others, or if we want to discuss all in the same place. Edit: actually, I see there is [such category already](https://socialhub.activitypub.rocks/). Maybe we should start posting there. 😅

dachary commented

2024-02-14 19:55:19 +00:00

Author

Member

Are there other forges that you know of than Forgejo and GitLab working on this currently?

Two of them at a very early stage of development:

At this stage neither of them is production ready.

> Are there other forges that you know of than Forgejo and GitLab working on this currently? Two of them at a very early stage of development: * https://ayllu-forge.org/ * https://codeberg.org/ForgeFed/Vervis At this stage neither of them is production ready.

👍 2

earl-warren commented

2024-02-14 20:43:16 +00:00

Owner

It is valuable for Forgejo to keep an eye on the features added to other forges, precisely because it is an underdog. There is no way it can compete, this is a given. And it would be tempting to turn a blind eye because of that and pretend the problem does not exist. But it does and needs to be dealt with, integrated in the federation strategy so that it is not defeated.

I took a look at the GitHub features from Q4 2023 and this is what I get:

GitHub Actions:
- M1 & GPU runners support
- Secure connection of runners from internal networks
Switching between two logged in accounts
Security updates are grouped by the dependency management bot
API for server management
New requirements for import / export between GitHub instances

I'm not exactly sure what to do with that, except for the import / export aspect which has a clear relationship to federation. But that alone is worth the effort of monitoring the roadmap at least for a few months.

@oelmekki since you're quite familiar with GitLab, is this URL the best one to figure out, from a distance, what new features are added to Gitlab? Or is there another one which would be more convenient for that purpose?

It is valuable for Forgejo to keep an eye on the features added to other forges, precisely because it is an underdog. There is no way it can compete, this is a given. And it would be tempting to **turn a blind eye because of that and pretend the problem does not exist**. But it does and needs to be dealt with, integrated in the federation strategy so that it is not defeated. I took a look at the [GitHub features](https://github.com/orgs/github/projects/4247/views/1?filterQuery=is%3Aclosed+-status%3A%22Q4+2022+%E2%80%93+Oct-Dec%22%2C%22Q2+2023+%E2%80%93+Apr-Jun%22) from Q4 2023 and this is what I get: * GitHub Actions: * M1 & GPU runners support * Secure connection of runners from internal networks * Switching between two logged in accounts * Security updates are grouped by the dependency management bot * API for server management * New requirements for import / export between GitHub instances I'm not exactly sure what to do with that, except for the import / export aspect which has a clear relationship to federation. But that alone is worth the effort of monitoring the roadmap at least for a few months. @oelmekki since you're quite familiar with GitLab, is [this URL](https://gitlab.com/gitlab-org/gitlab/-/releases) the best one to figure out, from a distance, what new features are added to Gitlab? Or is there another one which would be more convenient for that purpose?

earl-warren commented

2024-02-14 21:00:32 +00:00

Owner

Regarding GitHub, the GitHub Enterprise release notes is what's worth monitoring rather than the GitHub.com online service. There is a lot more going on there.

Regarding GitHub, the [GitHub Enterprise release notes](https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0) is what's worth monitoring rather than the GitHub.com online service. There is a **lot** more going on there.

oelmekki commented

2024-02-14 21:09:50 +00:00

@earl-warren Just to not be misleading, I wouldn't call myself a GitLab expert (I've used it intensively by self-hosting it for a few years in its early days, but then moved to just using bare git repos and git hooks for deployment, only getting back to it last year when I decided to move my FOSS projects from GitHub to gitlab.com). What I do personally to follow their news is to read the RSS feed of their blog. Their posts are written by dedicated writers who often explain the features well better than a changelog entry (an example). Of course, it does not contains everything, but following everything would probably be difficult, given the amount of commits made all day long by employees.

If you want an exhaustive list nevertheless, I'd think the best is to follow the changes on the the CHANGELOG file (with its archives). When we do any significant change, we're supposed to tag our commit message so that it's picked by an automated task that updates this file, so it's a good source of truth. The only thing more exhaustive is the commit list, of course.

@earl-warren Just to not be misleading, I wouldn't call myself a GitLab expert (I've used it intensively by self-hosting it for a few years in its early days, but then moved to just using bare git repos and git hooks for deployment, only getting back to it last year when I decided to move my FOSS projects from GitHub to gitlab.com). What I do personally to follow their news is to read [the RSS feed of their blog](https://about.gitlab.com/atom.xml). Their posts are written by dedicated writers who often explain the features well better than a changelog entry ([an example](https://about.gitlab.com/releases/2024/01/18/gitlab-16-8-released/)). Of course, it does not contains _everything_, but following everything would probably be difficult, given the amount of commits made all day long by employees. If you want an exhaustive list nevertheless, I'd think the best is to follow the changes on the [the CHANGELOG file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/CHANGELOG.md) (with [its archives](https://gitlab.com/gitlab-org/gitlab/-/tree/master/changelogs?ref_type=heads)). When we do any significant change, we're supposed to tag our commit message so that it's picked by an automated task that updates this file, so it's a good source of truth. The only thing more exhaustive is the commit list, of course.

👍 2

jerger commented

2024-02-15 08:43:35 +00:00

Member

Wikipedia would be a nice place for such an overview. What do you think?

👍 1

oelmekki commented

2024-02-15 08:58:27 +00:00

It may be problematic for them. They have a policy against writing content that is not referenced in an other source, and I often see changes reverted because they use a source, but a primary one instead of a secondary one (eg, citing a press release rather than an article from a journalist reporting it). Writing about yourself or your organization is also usually frown upon.

It may be problematic for them. They have [a policy against writing content that is not referenced in an other source](https://en.wikipedia.org/wiki/Wikipedia:No_original_research), and I often see changes reverted because they use a source, but a primary one instead of a secondary one (eg, citing a press release rather than an article from a journalist reporting it). Writing about yourself or your organization [is also usually frown upon](https://en.wikipedia.org/wiki/Wikipedia:Conflict_of_interest).

👍 1

forgejo-moderation commented

2024-02-20 10:16:39 +00:00

Owner

Messages from an account created to circumvent a ban from Forgejo spaces were deleted, please get in touch with the moderation team for more information.

Messages from an account created to circumvent a ban from Forgejo spaces were deleted, please [get in touch with the moderation team](https://codeberg.org/forgejo/governance/src/branch/main/MODERATION-PROCESS.md#moderation-contact) for more information.

dachary commented

2024-02-21 11:07:47 +00:00

Author

Member

Today @natct and myself bootstrapped a timeline of GitLab features and went through all the features from the GitLab 16.9 release. Here are those that are Free Software.

On that occasion I discovered the existence of GitLab direct transfer which is relevant to F3 and how Forgejo & GitLab could communicate. This is for me a confirmation that this audit of GitLab release notes is worth the effort. I am less interested in features such as the Rich text editor that was introduced last year in GitLab and is now being used in more places. Maybe the same UI components could be used in Forgejo as well?

When reviewing a merge request, a "Request Change" comment can block the merge.
Rich text editor broader availability
CI
- GitLab Runner 16.9: Make kubernetes API retries configurable
- variables can:
  - have a description
  - detect duplicates
  - have character validation warning
  - simplify the UX to add or edit multiple variables
- workflows marked as auto_cancel:on_new_commit will be canceled when the commit associated with them changes. If marked as interruptible: true it will also have an impact on jobs currently in the pending state.
Custom guidelines for managing group and project members
Updated ~40 default GitLab SAST analyzer
Kubernetes 1.29 support
Access usage data through the REST API for instance service ping
Terraform registry
- validate modules from your group or subgroup
- allow duplicate modules
Deploy: allow users to cleanup partial resources from failed deployments
Show import stats for direct transfer
REST API support for the GitLab for Slack app

Today @natct and myself bootstrapped a timeline of [GitLab features](https://forum.forgefriends.org/t/gitlab-features-timeline/1016) and went through all the features from the [GitLab 16.9](https://about.gitlab.com/releases/2024/02/15/gitlab-16-9-released/) release. Here are those that are Free Software. On that occasion I discovered the existence of [GitLab direct transfer](https://docs.gitlab.com/ee/user/group/import/) which is relevant to F3 and how Forgejo & GitLab could communicate. This is for me a confirmation that this audit of GitLab release notes is worth the effort. I am less interested in features such as the Rich text editor that was introduced last year in GitLab and is now being used in more places. Maybe the same UI components could be used in Forgejo as well? --- * When reviewing a merge request, a "Request Change" comment can block the merge. * Rich text editor broader availability * [Requirements descriptions](https://gitlab.com/gitlab-org/gitlab/-/issues/407493) * [Vulnerability findings](https://gitlab.com/gitlab-org/gitlab/-/issues/407491) * [Release descriptions](https://gitlab.com/gitlab-org/gitlab/-/issues/407494) * [Design notes](https://gitlab.com/gitlab-org/gitlab/-/issues/407505) * CI * GitLab Runner 16.9: Make kubernetes API retries configurable * variables can: * have a description * detect duplicates * have character validation warning * simplify the UX to add or edit multiple variables * workflows marked as `auto_cancel:on_new_commit` will be canceled when the commit associated with them changes. If marked as `interruptible: true` it will also have an impact on jobs currently in the pending state. * Custom guidelines for managing group and project members * Updated ~40 default GitLab SAST [analyzer](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) * Kubernetes 1.29 support * Access usage data through the REST API for instance [service ping](https://docs.gitlab.com/ee/administration/settings/usage_statistics.html#enable-or-disable-service-ping) * Terraform registry * validate modules from your group or subgroup * allow duplicate modules * Deploy: allow users to cleanup partial resources from failed deployments * Show import stats for [direct transfer](https://docs.gitlab.com/ee/user/group/import/) * REST API support for the GitLab for Slack app

earl-warren commented

2024-02-21 14:36:01 +00:00

Owner

I think F3 covers what "direct transfer" in GitLab is about. In the context of GitLab there is this recommendation regarding users: https://docs.gitlab.com/ee/user/group/import/#prepare-user-accounts

Create the required users on the destination GitLab instance. You can create users with the API only on self-managed instances because it requires administrator access.

This may be fine for a one time migration but it could be automated. The Forgejo driver for F3 can create users if given admin access: the person doing the import needs to verify such accounts are not malicious but does not need to do the work themselves.

The migrated project items is the equivalent of the checklist of the F3 driver for Forgejo and has many more items.

Interesting read.

I think F3 covers what "direct transfer" in GitLab is about. In the context of GitLab there is this recommendation regarding users: https://docs.gitlab.com/ee/user/group/import/#prepare-user-accounts > Create the required users on the destination GitLab instance. You can create users with the API only on self-managed instances because it requires administrator access. This may be fine for a one time migration but it could be automated. The Forgejo driver for F3 can create users if given admin access: the person doing the import needs to verify such accounts are not malicious but does not need to do the work themselves. The [migrated project items](https://docs.gitlab.com/ee/user/group/import/#migrated-project-items) is the equivalent of the [checklist of the F3 driver for Forgejo](https://codeberg.org/forgejo/forgejo/pulls/2388) and has many more items. Interesting read.

dachary commented

2024-03-13 09:52:49 +00:00

Author

Member

Today @natct and myself bootstrapped a timeline of GitHub features and went through the features from the GitHub Enterprise 3.12 release.

On that occasion I discovered the existence of GitLab Actions deployments which is relevant to Forgejo. My impression is that it is an unnecessary bloat. It could be implemented without being something special in GitHub Actions. But it is tightly integrated and documented because it makes it easy to deploy on Azure. It claims to be for all third party hosting service providers, but the repository containing starters workflows mainly has Azure, and a handful of others.

There is an improvement related to merge queues which is a features that would be very useful to Forgejo, but it is non trivial to implement. Maybe the mergify implementation could be a source of inspiration, even though it is tightly bound to GitHub.

Today @natct and myself [bootstrapped a timeline of GitHub features](https://forum.forgefriends.org/t/github-features-timeline/1018) and went through the features from the [GitHub Enterprise 3.12](https://github.blog/2024-03-06-github-enterprise-server-3-12-is-now-generally-available/) release. On that occasion I discovered the existence of [GitLab Actions deployments](https://docs.github.com/en/actions/deployment/about-deployments/about-continuous-deployment) which is relevant to Forgejo. My impression is that it is an unnecessary bloat. It could be implemented without being something special in GitHub Actions. But it is tightly integrated and documented because [it makes it easy to deploy on Azure](https://docs.github.com/en/actions/deployment/about-deployments/about-continuous-deployment#starter-workflows-and-third-party-actions). It claims to be for all third party hosting service providers, but [the repository containing starters workflows mainly has Azure](https://github.com/actions/starter-workflows/tree/main/deployments), and a handful of others. There is an improvement related to [merge queues](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue) which is a features that would be very useful to Forgejo, but it is non trivial to implement. Maybe the [mergify implementation](https://github.com/orgs/Mergifyio/repositories) could be a source of inspiration, even though it is tightly bound to GitHub.

n0toose referenced this issue

2024-05-25 20:40:04 +00:00

Way to customize "issues" to turn it into a proper discussion/forum. #81

~~dev_T referenced this issue 2024-06-09 01:02:02 +00:00~~

Way to customize "issues" to turn it into a proper discussion/forum. #81

Monitoring forge features and its impact on forge federation #120