thelonelyghost

thelonelyghost@infosec.pub

This reads the same as “hi, my friend saw my {dating app} date’s photo up at the post office with the note that they were wanted for the murder of 16 different {my demographic}. Should I still go on a date with them to that remote cabin in the woods?”

  • direnv
  • nixpkgs (with flakes enabled)
  • committed flake.nix and flake.lock
  • Makefile or several shell scripts in bin/ for common tasks

(explainer)

Like what?

  • OCI registry? GitLab.
  • pull request model? Every one of the competing services
  • CI/CD system based on YAML definitions? Most every competitor.
  • static site hosting? Most competitors
  • protected branches? Most competitors

I’m not saying there isn’t vendor lock-in, but I am saying it likely isn’t the features of GitHub that are limiting that. Third party integrations will follow wherever the foot traffic goes.

Killer feature of GitLab that I have yet to see replicated is automatic repo creation on git push. This makes GitLab my go-to for this role.

That’s hilarious because for automated access to the API, without tying to a single specific user account (for attrition purposes), my company was advised by Microsoft Support to create a service account for that API access. The process was the exact same as any other user account because… it WAS like any other user account.

Basically only web apps can do CD

CD == Continuous Delivery, which can also mean publishing a new “release candidate” artifact. Maybe there is a more stringent QA system downstream, such as QA teams after a car gets a firmware update to that release candidate.

A lot of enterprise and industry software […] have stringent vetting procedures that mean they can spend months verifying and approving a new major version before upgrading

This happens on the consumer side too, with risk-averse customers, even if they adopt a continuous delivery paradigm upstream. It’s also a common argument against a rapid release model, but is often dismantled when appropriate, automated safeguards are put in place. Not always possible to automate everything, due to regulations, but automating the bulk of the tests is in everyone’s best interests.

How are those tests triggered? On developer machines? Not very reliable that a human will remember to execute them, even if it was possible to run them all from a workstation. That’s why there’s a bastion host or, hopefully, set of hosts to run those tests and builds. That’s the CI/CD system. That’s the value.

And can integrate with git? Examples?

I haven’t found a platform that handles issues integrated with git (as a technology) except, maybe, git-bug.

The wiki concept is simple; an external repo that’s a static site generator. All GitHub’s wiki happens to be is a fancy UI around Gollum wiki.

The protected branches and other git hooks are definitely part of the git-hooks feature that ships with the software.

Honestly, the full integration and friendliness to self-hosting had me seriously looking at Fossil, until I saw some opinions I couldn’t get on board with (e.g., automatically pushing to/pulling from remote on every commit)
