
Sheogorath's Blog


Depending on the time of the day a friend, a colleague, a wise guy. The beauty of the world is its sense of humor to show humans their way by letting them search their own.



Shivering-Isles GitLab in 2020

As you may know, I run a GitLab instance for my private projects on one of my servers. In order to make it easy to identify, I usually refer to it as SI-GitLab. And to say the least, GitLab is an amazing piece of software.

GitLab started out as a repository management platform for git, but nowadays it tries to be the tool for software projects, basically maintaining the entire life-cycle of software. It provides project management tools to brainstorm and plan your application, it has of course the repository to maintain your source code itself, it provides CI features to test and validate your applications, and it is able to deploy and maintain your application in a Kubernetes cluster or, given it’s just a static web page, host it on the GitLab Pages integration.

That’s a massive set of features and while the core of it, GitLab CE, is provided under the MIT license, there is GitLab EE, which adds a bunch of additional, very useful features for paying customers.

Anyway, since I’m a free software person, I run GitLab CE.[1] But since this doesn’t include all features, it’s time to become creative and fix the demand for additional features myself. Let me tell you a bit about what makes SI-GitLab unique.

SSO with SI-Auth

SI-Auth is my central user management with SSO capabilities. I wrote an earlier article about some details. It’s awesome because it takes away the need for people to have an account for each service and also provides central 2FA for all services I provide at my domain.

For SI-GitLab it means that you can click on Sign-In at the upper right corner and get immediately logged in or, if you haven’t authenticated or don’t even have an account yet, get asked to authenticate or sign up.

All accounts that come from there are initially marked as external accounts. This is intentional, to keep SI-GitLab primarily for myself. It’s not cheap to run this setup and space is quite limited. I can of course extend it easily, but that costs extra money. But that doesn’t mean that you can’t participate. Almost all projects allow you to request access and if you have a quick chat with me, you probably also end up with a few repositories you can host on SI-GitLab.

GitLab-CI

This is, of course, not literally unique to SI-GitLab, but the way it’s set up is probably unique. SI-GitLab provides you with shared runners. Currently it’s one runner that is enabled and provides virtual machines on Hetzner. These run CI tasks and basically build the majority of images that are used by my infrastructure. In order to do this, one of the servers runs a gitlab-hetzner-runner, which is a modified version of gitlab-runner-image to be able to integrate with Hetzner. Main reason to run CI on Hetzner: pricing.

If a bigger issue with the Hetzner integration ever appears, which I had a while back when CI jobs suddenly got stuck and wouldn’t run properly, there is always a Digital Ocean runner on standby that will be able to take over whenever it’s needed. This makes CI as close to HA as needed.

Renovate Bot

Renovatebot is a tool to keep your project dependencies up-to-date. You may know similar tools like dependabot or greenkeeper from GitHub. Renovatebot is an implementation by Whitesource and integrates with GitHub and GitLab. They provide it as a hosted solution on both cloud platforms.[2] Self-hosted setups are asked to contact them.

But SI-GitLab uses their CLI tool as part of a CI integration. In the “Renovate Bot” repository, the configuration for a renovate setup is provided and runs via GitLab-CI on a weekly basis. In order to do this, there is a bot account called “Botaniker” which you can invite to your organization or project, and it’ll automatically pick up your repository and provide you with Merge-Requests to get your project dependencies up-to-date.

Mirror Bot

As the name indicates, “Mirror Bot” allows mirroring repositories. This originates in GitLab’s feature policy, which moved so-called “Pull mirrors” into the Starter-plan. In order to still get various mirrors for probably critical software components or simply projects I don’t want to lose, I wrote the “Mirror Bot” integration, which uses GitLab-CI to implement a mirror feature.

The main purpose is to get repositories from GitHub, but it can also mirror other git repositories. Besides the mirror script, it also provides a script to set up mirror repositories from GitHub. This means it takes care of common configurations like disabling issues, Merge-Requests, CI pipelines, wikis and snippets, as well as decorating the repository with the image of the author or GitHub organization, and of course adds the deploy key of mirror bot to allow the bot to push changes to these repositories. The current collection can be found in the “GitHub Mirror” group on SI-GitLab.
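
An added example, not the Mirror Bot’s own script: a check that a mirror project still has the configuration the setup script described above applies (features disabled, only the bot’s deploy key able to push). Field names are those of GitLab’s REST API v4; the function names, the key strings and the sample data are constructed for illustration.

```python
# Added example: audits one mirror project for configuration drift.
# Inputs are dicts shaped like GitLab REST API v4 responses; sample data is constructed.

DISABLED_FEATURES = (
    "issues_access_level",
    "merge_requests_access_level",
    "builds_access_level",       # CI pipelines
    "wiki_access_level",
    "snippets_access_level",
)

def same_key(a, b):
    # Compare key type and base64 body only; the trailing comment is not part of the key.
    return a.split()[:2] == b.split()[:2]

def audit_mirror(project, deploy_keys, bot_key):
    """Return a list of findings (empty list means the project conforms).

    project     -- dict shaped like GET /projects/:id
    deploy_keys -- list shaped like GET /projects/:id/deploy_keys
    bot_key     -- public key the mirror bot is expected to push with
    """
    findings = []
    for field in DISABLED_FEATURES:
        # A missing field is reported too: absence is not proof of "disabled".
        if project.get(field) != "disabled":
            findings.append(f"{field} is {project.get(field)!r}, expected 'disabled'")
    writers = [k for k in deploy_keys if k.get("can_push")]
    if not any(same_key(k.get("key", ""), bot_key) for k in writers):
        findings.append("mirror bot deploy key is missing or read-only")
    for k in writers:
        if not same_key(k.get("key", ""), bot_key):
            findings.append(f"unexpected push-capable deploy key: {k.get('title')!r}")
    return findings

# Constructed sample data (not real keys or real projects).
BOT_KEY = "ssh-ed25519 AAAA-constructed-bot-key mirror-bot"
GOOD = {field: "disabled" for field in DISABLED_FEATURES}
DRIFTED = dict(GOOD, wiki_access_level="enabled")
KEYS_OK = [{"title": "mirror bot", "key": BOT_KEY, "can_push": True}]
KEYS_EXTRA = KEYS_OK + [
    {"title": "laptop", "key": "ssh-ed25519 AAAA-constructed-other me", "can_push": True}
]

if __name__ == "__main__":
    for finding in audit_mirror(DRIFTED, KEYS_EXTRA, BOT_KEY):
        print(finding)
```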

About GitLab Registry and GitLab pages

With all those features, you might wonder if there is anything I don’t use. And the answer is: GitLab Registry and GitLab Pages. I don’t use GitLab Pages, because there is no need for it. My static web pages are deployed by Ansible and therefore, it’s not needed to add the integration here. Also they live on another host than GitLab itself.

GitLab Registry on the other hand, would be very useful and I would really like to use it, but again, money becomes a topic. Looking at the storage cost that comes with a container registry, I decided to stay with quay.io with public repositories. I don’t have corporate secrets and publish most things under a free software license anyway. And since sensitive data doesn’t belong in container images, it’s fine to use a public registry when it saves quite some money.

Maybe I’ll run one of these things in the future, but for now, there is no need.

Summary

I really enjoy working with and on SI-GitLab. Features grow together and every day it becomes a bit more automated. There are a lot of things for external people to explore, from projects I experiment with, to those integration features as well as my infrastructure repository. Feel free to join, don’t be scared of requesting access and I hope we can work together some day.

A few days ago I also wrote a contribution policy which hopefully gets you started on SI-GitLab and allows us to work on those little bits and pieces that make free software so great, a bit better every day. See you around!

  1. Maybe also because the only features that I would really be interested in, would cost me $29 per user per month, which is quite expensive. 

  2. GitLab.com and GitHub.com