On Tue, Jun 21, 2022, at 8:03 AM, Artem Goncharov wrote:Hi all,
During the summit we had some nice conversations and I wanted to
actually use the chance and try to formalise the discussion to gather
broad opinions and ideally solutions.
Sidenotes:>>>>>
- I enjoy opendev
- I really enjoy gerrit and find it an ultimate code review system
- I can understand people not able to cope with additional complexity
and prefer pull request pattern to the change pattern
I think we should be careful with the assertion that Gerrit is more complex. It is different, but I'm not sure it is more complex. Pushing to Gerrit isn't any more complex than pushing to Github. Github even has the extra step of needing to open a pull request explicitly. But it is different and does require learning a different process.
Ok, accepted. Personally I agree and disagree with your statement, cause I went multiple times through explaining “change” model to both experienced and unexperienced people and is usually painful. In the Outreachy we also have same practice each time and this is for people just harder to understand (I see project on GitHub, why can’t I open PR here like I would do for every other project on GitHub). But that is not relevant here. I will try to avoid statement “more complex” in future communication.
BTW, are we absolutely and unbendable strict on using change methodology vs pull? I mean would there be conceptual disagreement on using PR approach on
opendev.org with purely gitea for those “ecosystem” tools? The process (and UI) feels exactly like GitHub and I guess we could cover lot of concerns. I know we currently do not have Zuul support for gitea API, but I would be willing to contribute to that once this is an option at all. My experience show that when there is huge conceptual barrier it is possible to guide people through by moving them slowly into this direction and showing them advantages while going forward (first move them from GH to opendev keeping PR style, then once people see limitations of PR model show how “change” model addresses those concerns) - doing small steps.
Practically this would mean we need:
- introduce auth on
opendev.org (integrate with existing accounts?)
- be ready for the git storage to grow (due to forks)
- extend infra maintenance tools to cope with projects configuration
- introduce gitea driver in Zuul
- I use PR change pattern for relatively simple projects (and lot of
other huge projects do it this way)
- I am not blaming and not going to blame anybody here
End sidenotes>>>>>>
- Some month ago gophercloud folks came to us and wanted to give source
code under the foundation. Feedback from us was more or less: you
either host on opendev and use gerrit or not at all. Members of gopher
cloud rejected proceeding this way with detailed reasoning. I can fully
understand reasonings and I also observe similar issues with
auto-closed GitHub PRs (for SDK or OSC) and the fact that those changes
in most of the cases never really reach gerrit. Especially in the SDK
area it would have been very useful to get various SDKs under single
team to spread the know how and synchronise their feature sets. Maybe
even use shared credentials to public OpenStack clouds to verify and
publish their coverage.
- Some software solutions (especially those based on Golang) were
designed with GitHub in mind and are actually not really working
outside. For example in order to publish provider for HashiCorp
Terraform into their registry your product must be hosted on GitHub
(particularly you must upload build artifacts as release on GH). There
is sadly no other possibility.
This isn't the only instance we've run into this. The CNCF's Cloud Native landscape (https://landscape.cncf.io/) requires open source projects be hosted on Github (not not proprietary systems....). From my perspective, I think this calls out why it is important for us to continue to push back against these rules. Software is built in a number of places and if we force people to use Github (and other proprietary tools) we move away from part of the mission here.
I agree we need to support making landscape flexible. But I am not 100% sure we should currently (due to general lack of contributions) simply refuse those willing to contribute into OpenStack . Terraform is a very prominent example here as well - you must be on GitHub to publish your artefacts. Don’t we want to have official TF provider following our best practices (therefore this is not an infrastructure only question)?
As mentioned above - if we address concerns of developers by starting supporting also PR model we can have more arguments to strengthen our position.
- My company has created HashiCorp secretstore plugin for OpenStack and
we are willing to donate this under the foundation to have proper
ownership of the software (not to have our company name in the hosting
path since it is pretty confusing). From features point of view there
is still place to evolve and it would be cool to get other interested
parties to participate. We would be able to OpenDev without conceptual
issues and are going to request projects for that, but that still has
one issue: publishing of binary artifacts - not immediately available
in opendev (afaik). On GitHub we publish it as GH Release.
OpenDev supports publishing of binary artifacts through a number of mechanisms. OpenStack wheel packages are pushed to pypi, docker images are pushed to Docker Hub and Quay and so on, tarballs.opendev.org hosts other random artifacts as well. It sounds like you specifically need Github Releases though. Can you not trigger releases against mirrored content? I think that should work? You might need to be more specific about what the actual needs are here.
Awesome hint. I completely forgot we have
tarballs.opendev.org. This is absolutely sufficient for my case, but in general we may explore publishing to GitHub mirror releases while still doing development on gitea. That requires having GH app token though (that is actually where those Vault plugins are being useful - you just fetch the token from vault and it expires afterwards).
As such the point I am trying to address is that we as a very big
project should be bit more open to the world of tools around OpenStack
(I mean explicitly **not** the OpenStack itself) and allow easy
integration for those who want to extend OpenStack ecosystem. Depending
on the particular application this may set certain limitations on the
solution (i.e. must be on GitHub, must use Jira, whatever) which might
be not compatible out of box with the OpenDev scheme. Do we as a open
community want to set strict boundaries or can we ease some of those
for the ecosystem around of OpenStack?
- Would it be possible for the project hosted outside opendev be
governed by OIF and somehow visually belong to OpenStack? (As a user I
would definitely choose to use GitHub.com/openstack/project_x rather
then GitHub.com/some_crappy_nic/project_x)
OIF does have projects that are not hosted on OpenDev. Whether or not OpenStack wants to have projects hosted outside of OpenDev is probably the major item to sort out here.
Precisely this is the point. I am sure we can solve technical issues, but we need to have structural things clarified first - thus this discussion.
@foundation/tc - please comment.
- Can such project enjoy Zuul integration not being part of opendev git
hosting? Technically it is surely possible (Ansible modules were tested
this way), but requires in my eyes precise definition.
The OpenDev team tried to provide CI integration with Github provided projects (some Kata repos) and found that we weren't able to do it at a level that was maintainable. Github itself poses a number of challenges, but we also found that projects there being even more disconnected were even less likely to be involved in helping themselves which is something that we currently rely on to make this collaboratory successful. All that to say we (the OpenDev team) cannot provide CI resources to Github repos.
We do provide third party CI for a small number of projects with the expectation that people on the OpenDev hosted project side are able to care and feed for that.
Fair point. That is why I wrote that I would be able to support this (due to having maintainable solution working on our side). There should be just willingness and allowance to move into this direction.
I think this calls out the fundamental disconnect here. We use open source tools because we believe that open source needs and should be built with open source tools. That does require a little bit of investment from the project side to ensure the tooling functions as needed and is maintained.
I would rather disagree with such statement: just because you host your code on a proprietary hosting (but make it freely available) does not mean your are violating this mission. I also believe we should be using open source tools (and we do that), but that doesn’t mean everyone else is breaking bad [not meant to be abusive statement].
Generally we have again here the same “infra” concerns in the discussion (which are already known historically, but anyway thanks for making them clear again), but what about other opinions? Are there any other thoughts or am I the only one interested to get this sorted out?
Just to repeat, my current case is really about a very strong desire and, I would say even need, to have gophercloud be very close to OpenStackSDK. Can we at least think about placing them under OpenStack GitHub org without Zuul access to have a better affiliation with OpenStack (gopher folks, hope you do not mind of such step. Or maybe we try to demonstrate here how to make this manageable with Zuul - reach me out if there is interest)?
P.S. For the case when zuul/github integration (management) is the only
limiting factor I will be gladly supporting the integration and
maintenance, since we have created an Ansible collection for managing
of GitHub organisations/projects/teams/members (in the project-config
spirit) which we use to manage our deployment (and I know others are
using it as well).
Tell me what you think and let us, please, focus on how to cope with
different expectations rather which one is right and which is wrong.
Thanks a lot,
Artem