[all][foundation][ecosystem] External projects under the foundation hat

Artem Goncharov artem.goncharov at gmail.com
Wed Jun 22 14:38:24 UTC 2022

> On 22. Jun 2022, at 15:12, Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2022-06-22 10:12:16 +0200 (+0200), Artem Goncharov wrote:
> [...]
>> I went multiple times through explaining “change” model to both
>> experienced and unexperienced people and is usually painful.
> And you also have less trouble explaining the convoluted GitHub
> "pull request" workflow to someone who has never heard of Git or
> GitHub?

Yes, I do. And there are much less people who has never heard of GitHub.

>> In the Outreachy we also have same practice each time and this is
>> for people just harder to understand (I see project on GitHub, why
>> can’t I open PR here like I would do for every other project on
>> GitHub).
> [...]
> OpenStack does its best in the org and repo descriptions on GitHub
> to highlight that they're convenience mirrors, and to point to the
> community's accepted workflows. Does that get overlooked? Is there
> something better that could be done to make it clear?

I doubt we can improve this. We mention in the project description it is mirror, but that is too easy to overlook. Otherwise every readme should start with bold statement: "do not open PRs here"

> [...]
> I think supporting multiple commit workflows and code review tools
> within the OpenDev Collaboratory would be even more confusing and
> add further conceptual barrier (what do you mean to commit to
> OpenStackSDK I need to use a different set of tools and review
> process than gophercloud, even though they're both in OpenDev?).
> But from a technical feasibility standpoint, it's also more than
> just the lack of a Gitea driver for Zuul: our current Gitea server
> farm is read-only for technical reasons including lack of support in
> Gitea for a shared writeable storage backend, the fact that we would
> need to set up separate authentication/account management (we still
> need help from more people to make progress on our Keycloak SSO
> deployment), not to mention it would effectively double the security
> risk profile.

Thanks for adding more technical infos here, it was just an idea. 

>> I agree we need to support making landscape flexible. But I am not
>> 100% sure we should currently (due to general lack of
>> contributions) simply refuse those willing to contribute into
>> OpenStack . Terraform is a very prominent example here as well -
>> you must be on GitHub to publish your artefacts. Don’t we want to
>> have official TF provider following our best practices (therefore
>> this is not an infrastructure only question)?
> [...]
> Is a source code mirror on GitHub not sufficiently "on GitHub" from
> Terraform's perspective?

Should be sufficient

>> we may explore publishing to GitHub mirror releases while still
>> doing development on gitea. That requires having GH app token
>> though (that is actually where those Vault plugins are being
>> useful - you just fetch the token from vault and it expires
>> afterwards).
> [...]
> OpenStack's GitHub mirroring relies on a Zuul job with account
> credentials for the openstack org encoded as a secret in the job
> definition, and other projects do similarly for mirrors to their
> respective orgs as well. Performing other API interactions in jobs
> is similarly possible, so telling GitHub to make a "release" of
> something there would probably be a trivial addition.

Absolutely sufficient. Basically they refer on the webhook that gets triggered on pushing new “release”. But that is just one example of things requiring something different to how we work.

>> I would rather disagree with such statement: just because you host
>> your code on a proprietary hosting (but make it freely available)
>> does not mean your are violating this mission. I also believe we
>> should be using open source tools (and we do that), but that
>> doesn’t mean everyone else is breaking bad [not meant to be
>> abusive statement].
> You're spending your valuable time producing open source software,
> so you must see some value in your choice to make it open source and
> would rather users picked it over proprietary alternatives. I
> personally would feel rather hypocritical were I to claim that open
> source development is a good thing when it's the software I'm
> creating, but that I don't find the open source alternatives to
> proprietary code hosting and development tools similarly valuable
> and would rather choose what's convenient or popular instead. How
> can I expect the communities producing those tools to make traction
> against proprietary platforms if I choose to be part of that problem

For me the problem here is not whether GitHub is open source or not. Surely there are open source solutions, but that require company to actually run this hosting. You can try to to go opendev to do development there, but here you pay with gerrit.

> rather than part of the solution? I feel similarly disheartened when
> I attend an open source software conference and see someone give a
> presentation extolling the virtues of these practices, while clearly
> running their slide deck from MacOS or Windows.

My company gives me laptop (and actually there are valid reasons for running some form of Enterprise stuff there). I have honestly no freedom in what I use to run slide decks. I would really love to have a purely Linux laptop, but I can’t. However I do my best to use open source tools to create my slide decks.

On the other side you mentioned gitea is lacking support for required piece and that is exactly the case where you eventually can’t chase open source anymore. We can try, but I doubt we are able to reimplement so many things in the purely open source style. I guess not even any car now runs with a purely open source firmware. Would you not use it because of that?

>> Generally we have again here the same “infra” concerns in the
>> discussion (which are already known historically, but anyway
>> thanks for making them clear again), but what about other
>> opinions? Are there any other thoughts or am I the only one
>> interested to get this sorted out?
> If I can try to restate your request, it seems like you want to
> develop software using some different tool choices than those
> available in the OpenDev Collaboratory. All the software we run in
> OpenDev (and all the software we use to develop and maintain the
> services and deployment in OpenDev) is 100% open source, along with
> its configuration. If you want to run a different combination of
> those services for your community while reusing some of OpenDev's
> solutions, you absolutely can do that and a number of people do so
> already.

I know it is possible, but we didn’t proceed this way (most likely due to your statement in http://lists.openstack.org/pipermail/openstack-discuss/2021-November/025663.html)

>> Just to repeat, my current case is really about a very strong
>> desire and, I would say even need, to have gophercloud be very
>> close to OpenStackSDK. Can we at least think about placing them
>> under OpenStack GitHub org without Zuul access to have a better
>> affiliation with OpenStack (gopher folks, hope you do not mind of
>> such step. Or maybe we try to demonstrate here how to make this
>> manageable with Zuul - reach me out if there is interest)?
> [...]
> I'm probably still misunderstanding what you mean by "very close to"
> in this statement. If the most important aspect of this is that
> gophercloud appears in the openstack org on GitHub, but you don't
> wish to actually use the development methodology and code review
> workflow of the OpenStack community, then that doesn't seem close at
> all. But maybe you mean "close" from a marketing perspective?
> Mirrors to GitHub are not something OpenDev sysadmins really even
> get involved with, it's just automation individual projects implement
> and maintain for themselves, so it's the OpenStack TC's choice as to
> what projects they'll allow to appear in their GitHub org, and
> really nothing to do with the OpenDev Collaboratory itself.
> And one thing I still don't feel like you've covered is your earlier
> assertion that gophercloud project leadership was told the OpenInfra
> Foundation refused to legally represent them unless they hosted
> their development in the OpenDev Collaboratory. As I mentioned in my
> earlier reply, there are already OpenInfra projects which do all
> their software development in GitHub and run their own CI systems
> completely separate from OpenDev, so I really doubt you've been
> given an accurate account of what was discussed between foundation
> leadership and gophercloud folks. It would probably be good to seek
> further clarification there.

Maybe right. Afaik (at least what I followed) the discussion got stuck on a statement that the folks must move to opendev to achieve that and they could not agree on that due to fear of loosing contributors). I have only http://lists.openstack.org/pipermail/openstack-discuss/2021-November/025884.html <http://lists.openstack.org/pipermail/openstack-discuss/2021-November/025884.html> as last message to refer to. 

My ultimate goal (“very close”) would be to have gophercloud on opendev and be a delivery of SDK team so that we can use same tooling and standards to test them. If being located on opendev is not an option I would love to have it on ANY git hosting with opendev Zuul integration to still be able to use same tooling to test them. If this ANY hosting is GitHub I would prefer to see it under OpenStack organisation from marketing perspective. Same would be valid for terraform provider for OpenStack, especially from marketing point of view, but I do not really know whether its maintainers are having an interest in that at all. At the moment those 2 examples are affiliated with OpenStack, but they feel so much detached from OpenStack development, that it does not really look proper to me. Since we may talk generally about "OpenStack affiliated" products of course there might be some limitations.

I learned openlab got problems, so gopher and TF are not even able to run Zuul jobs anymore. So unless somebody offers Zuul they can’t even do proper gating.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220622/6c3d55c1/attachment.htm>

More information about the openstack-discuss mailing list