Hi Denis,

Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> writes:

> On Sat, 22 Feb 2025 22:35:21 +0900
> Maxim Cournoyer <maxim.courno...@gmail.com> wrote:
>> [0]  https://forge.a-lec.org/ (self-hosted in France by a nonprofit! [1])
>> [1]  https://www.a-lec.org/
> Personally I have a private repository on forge.a-lec.org that I use
> for Q/A for a project I participate in, and so I push and pull
> regularly from it, and it has significant downtime (It's subjective but
> I've seen it down way more than Savannah). So I ping neox each time that
> happens and he does what needs to be done to bring the service back
> online (he's involved in maintaining these services).

It'd be interesting to have some feedback from neox regarding the effort
and challenges of self-hosting a Forgejo instance, which we consider
doing as a project in the future.

> Since this is operated by volunteers, people can join and help somehow,
> but not only does it probably require being a member of the association,
> but as usual it also requires time. International projects already
> asked for hosting in this infrastructure so it may be possible to join
> remotely but I didn't try that.

OK!

[...]

>
> The problem is that automatic builds depend on NodeJS and docker, and
> while there might be ways to work around both they require time and I
> didn't look into it, and some of the ways to work around might not be
> straightforward (for instance docker-registry has no
> usable authentication / authorization for such use cases, it requires
> additional software that probably needs to be packaged, all that
> probably needs to be integrated somehow not to point to docker.io, etc).
>
> I've done work here and there to try to fix the docker issue in a more
> generic way but it's far from finished.
>
> My idea was to first find a way to enable communities to set up their
> own public docker registry like Fedora does, and then find ways that
> would work for FSDG distributions to publish their docker container in
> either self-hosted repositories and/or in a public one that only
> accepts FSDG-compliant images.
>
> All that requires a flexible enough authentication/authorization to work
> and that is however not packaged nor tested (or documented) in any FSDG
> distro yet. Making 100% private repositories work fine though,
> including in Guix.

Is Docker the only current solution for runners in the CI?  Perhaps
we'll have to contribute hooks to run within a Guix shell environment or
similar.  Or worst case we'd produce a Docker image that we could keep
in a private Docker repository yes... not super elegant but that'd work,
I guess.

> Once this is taken care of, remains the fact that the security would be
> downgraded from GPG to HTTPS, but that is probably not the end of the
> world and things could probably be worked around if needed with the help
> of that authentication/authorization for instance by mirroring docker
> repositories locally, using self-signed certificates and/or localhost,
> etc.

That doesn't strike me as overly important for the use case I foresee of
a CI on Codeberg (probably just running 'make check -jN').

> Having a less generic solution might be better though, like using
> 'guix' or 'debootstrap' to build containers within the forgejo, but
> that also requires volunteers to implement that.

We already have Docker image generation support via 'guix pack -f
docker', and also 'guix system image -t docker' so that should be
feasible yes.

-- 
Thanks,
Maxim
