Hello fellow Hoackers!
After a long discussion with @ashgenesis, we agreed that we spend too much time on Hoa infrastructure. I can list two of reasons: We stand on free services that are not always reliable, and we are a small team according to our ambitions.
In New hosting strategy, we discuss about a new hosting strategy. What we need to host:
- Our Git repositories,
- The site, and
- an ElasticSearch instance.
What we no longer need to host:
- Mailing-lists, because they have been migrated to this Discourse, and
- Emails, that are hosted by Gandi.
What we have removed:
- Download archives because most people use Composer now, this is our main source distribution vector,
- Forum (merged within the Discourse instance).
The site and the ES instance can be hosted by CleverCloud as they agree to sponsor Hoa. Thanks! What we need to host is Git repositories.
Next state, a proposal
Here is the result of the discussion we had with @ashgenesis.
Why do we need to self-host Git repositories?
- For security,
- For control,
- For bots,
- For mirrors.
The proposal: Stop self-hosting Git repositories and migrate to Github.
I don’t think we are better at security than Github. Yes we have some neat features for security, but it seriously does not increase the trust people have in Hoa, so I don’t think it worth the time we spent on it.
We can manage all the repositories as we want, archives them, back up, serve them with cgit, back up tarballs etc. Again, it takes time, Github does all of that. More recently, Github has introduced new features to manage teams, and now it’s equivalent to what we have with Gitolite. Since there is no longer any benefits, why bothering with Gitolite, cgit & co.?
Historically, Hoa provides 4 installation flavors:
- Central, globally —aka system-wide— (in
- Central, locally —aka project-wide—,
- Each library globally,
- Each library locally.
It was in the pre-Composer era. As I said, now, Composer is our main distribution vector. The second one is Git for specific libraries. It’s been years I heard somone coming to me saying: “Eh, we installed Central”. It does not make sense anymore.
Bhoat is the nice bot that keeps Central and all other library repositories in-sync. Thank you Bhoat. When a PR on Github is merged in git.hoa-project.net, then it closes everything on Github & co. It’s nice.
However, why having Central today? We can keep the repository as an issue tracker (e.g. for RFC, or project-wide issues), but it no longer makes sense to merge all library in it. Having a Central repository no longer makes sense. In this context, if we kill Central, then Bhoat is useless. Then no bot. Then we can move to Github.
On Github, we can use Bors, https://bors.tech/. @ashgenesis tried to install it locally in the past, but it works only with the Github API right now. Bors is a valuable bot for us to manage PR, and increase safety.
Bhoat was also responsible to keep mirrors in-sync. Our mirrors are:
Gitlab has a mirror feature: Pulling regularly a remote. This is how Gitlab mirrors work since recently for all repositories (@ashgenesis did this, I let him confirm). Gitlab pulls from Github (mirrors pull from mirrors, huhu). Bhoat is no longer in charge of maintaining Gitlab as a mirror, it’s automatic.
Pikacode has a smilar feature. @ashgenesis: Is it the case for all repositories? Also, I personally don’t care if we drop Pikacode as a mirror platform. We did this because we had only one mirror at that time, but now there is Gitlab.
Github is the main mirror. Bhoat still needs to keep Github in-sync. But if we drop git.hoa-project.net and switch to Github, this problem is solved.
Note that Github is the source for our Packagist entries (because we think Github is more reliable than our servers, which has been true many times unfortunately).
Moving to Github
Github is a mirror for our Git repositories, but also for our configurations. Teams, SSH keys, GPG keys, permissions, organisations… I spend too much time to update both git.hoa-project.net & its sub-infra, and Github for any new modifications.
Yes, Github is close-source. Yes, Gitlab provides more features, like CI, and better Pages, and private repo. But our community of 2400+ stargazers live on Github. Hoa is on Github. I might start my new project on Gitlab, but it’s hard to move Hoa away from Github. Everything will be easier. And that’s the goal right now.