As you look through these recommendations, keep in mind that source code storage will become in-scope for PCI DSS certification in the very near future.
I would use Gitlab only in an airgapped network. Password resets sent to attacker-supplied emails is such a complete failure of a security model it seems like it is only a matter of time until the next critical vulnerability.
If you want the full fancy GitHub, they have an on-prem enterprise edition for $21/user/month. https://github.com/pricing
But if you don’t need all their bells and whistles, or the team doesn’t care about not having the GitHub interface, then the other suggestions are better.
TBH have you tried just basic git? There’s a web interface built into git itself and you can use ssh for your repositories. It’s simple and just works. If you need a faster web interface there’s also cgit. There’s no bells and whistles either. Just configure ssh, drop your repos in /srv and get to work.
If you need more that just standard basic git the. The other suggestions here are great especially forgjo!
I’m aware this is the selfhost community, but for a company of 20 engineers, it is probably best to use something commercial in the cloud.
Biggest pain point was for our ops guy, who constantly had to stay behind to perform upgrades and maintenance, as they couldn’t do it during business hours when the engineers are working. With a team of at least 20, scheduling downtimes could get increasingly more difficult.
It also adds an entire system to be audited by the auditors.
The selfhost vs buy commercial kind of bounces back and forth. For smaller teams, less than 5 to 10 engineers, it might be a fun endeavour; but from that point on, until you get to mega corp scale with dedicated ops department maintaining your entire infrastructure, it is probably more effective to just pay for a solution from a major vendor in the cloud instead.
That really depends on who buys them. If it’s something like Datadog, maybe that’s a good thing and they can compete with Github better. It’s probably not great for self-hosters, but it could be a great thing for the commercial software ecosystem.
No PRs means no automated tests/CI/CD, which means you’d slow down the release train. It might typically be just a 2 minutes quick cycle, but that one time it goes off for longer due to a botched update from upstream means you’re never going to do that again during business hours.
Eh, we’ve had our self-hosted Github go down for a couple hours in the daytime, and it wasn’t a big deal. We have something like 60 engineers spread out across the globe, about 15-20 that were directly impacted by the outage (the rest were in different timezones). Yeah, it was annoying, but each engineer only creates like 1 or 2 PRs in a given day, so they posted their PRs after the outage was resolved while working on something else. Yeah, PRs were delayed by a couple hours, but the actual flow of work didn’t change, we just had more stuff get posted all at once after the problems resolved.
In fact, Github would have to be out for 2 days straight before we start actually impacting delivery. An hour or two here and there really isn’t an issue, especially if the team has advance notice (most of the hit to productivity is everyone trying to troubleshoot at the same time (is it my VPN? Did wifi die? Etc).
We have similar (legal is paranoid about our competitors getting our algorithms), so we just put our self-hosted cloud stuff behind our VPN. Nothing we run is on-prem, but almost everything is in our cloud infra.
In our case cloud is fine, as long as it’s within our security boundary- so that means external SaS is out, but hosted within our cloud is fine. I’m still not super excited about the prospect of managing and maintaining it though :/ We’re going down this path because AWS is killing code commit and other pipeline stuff, which sucks because even though other tools are better, code commit was fedRamped and from the same vendor.
I’ve been looking at gitea because of its gitops capabilities that seem to be pretty much on par with github actions. Do you know if forgejo has something similar? There seems to be a lack of documentation in that area. This has been my only reason for not moving to forgejo but im hoping im wrong and just missed some documentation.
EDIT: Thank you all who provided some additional insights that I was missing. I’ll take the leap and give forgejo a try!
Forgejo actions is basically GitHub actions. The difference in my ci scripts is a single line and you can even use GitHub action templates or whatever they’re called.
You just need to add some runners to your server, which is pretty easily doable by just using some docker container and deploying that multiple times
There are forejo runners and they seem compatible with a bunch of github actions. I created one that builds a docker image and publishes it on the repo.
Any evidence of that? Genuinely curious as I can’t really find anything about them being by the same people and forgefed started as mailed-based prior to forgejo existing.
edit: seems like they are funded by different organizations and the main contributors to forgefed never worked on forgejo, they worked on vervis though.
The codebase history of Forgejo and its predecessors predates Codeberg. However, since 2022, Codeberg is backing the development of Forgejo as an umbrella organization.
I’ll come out with an anti-recommendation: Don’t do GitLab.
They used to be quite good, but lately (as in the past two years or so) they’ve been putting things behind a licensing paywall.
Now if your company wants to pay for GitLab, then maybe consider it? But I’d probably look at some of the other options people have mentioned in this thread.
I’m all for foss but foss shall not be a reason to stay behind. We’ve got enough money to pay for it. We just can’t host it anywhere. We have to selfhost it. If there’s a good reason to use gitlab over forgejo, we will use gitlab.
Gitlab’s main advantage is the tight integration with CI/CD and a web based IDE. But it has some annoying limitations in the non-enterprise version.
Forgejo is great, but it comes with only community support.
You can get commercial support from the Gitea project (from which Forgejo forked off), but if that is something important for you, Gitlab has probably also better commercial support structures in place.
I would go with Gitea or Forgejo (not sure how this is going to last) if you need a complete experience like a WebUI, issues, PR, roles and whatnot.
If you’re looking for just a git server then gitolite is very good and solid option. The cool thing about this one is that you create your repositories and add users using a repository inside the thing itself :).
Then you can use any Windows GUI you would like like Fork, SourceTree, your IDE etc…
If you only need a bare minimum, and don’t plan to heavily use CI/CD, container/packages registries, integrations with other tools i would go with gitea/forgejo (you can always use external tools on top), else i would use selfhosted Gitlab, it has pretty much all the things you could imagine to need with software development and deployment
+1 for Gitlab. As the number of developers increases the features of Gitlab will get more and more important. Only OP can say, but if they’re closer to 9 developers than 2, I think it’s a safe bet they’ll need the extra features sooner rather than later.
If you don’t need CI/CD I’m not sure why you need a centralized frontend at all. Git itself is distributed and you can setup any code flow you can think of. It has hooks that can be used to set up code quality checks on select branches. There are local history browser apps for every platform and IDE plugins.
A frontend is no substitute for developer communication — usually what the “PR” thing does is sugarcoat the fact the devs don’t know how to use Git and/or don’t talk to each other.
Gitea or forgejo, for hosting your repo and managing access rights. WoodpeckerCI when you eventually need a CI/CD. (Is a fork of DroneCI and integrates nicely with gitea.)
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
As you look through these recommendations, keep in mind that source code storage will become in-scope for PCI DSS certification in the very near future.
If money isn’t a problem then gitlab is your best choice.
It’s the most mature of the options you have available to you.
I use gitlab for airgapped networks
I would use Gitlab only in an airgapped network. Password resets sent to attacker-supplied emails is such a complete failure of a security model it seems like it is only a matter of time until the next critical vulnerability.
Yeah their security track record as of late is pretty bad…
Gitlab Community edition is what we use
If you want the full fancy GitHub, they have an on-prem enterprise edition for $21/user/month. https://github.com/pricing
But if you don’t need all their bells and whistles, or the team doesn’t care about not having the GitHub interface, then the other suggestions are better.
https://forgejo.org/
deleted by creator
TBH have you tried just basic git? There’s a web interface built into git itself and you can use ssh for your repositories. It’s simple and just works. If you need a faster web interface there’s also cgit. There’s no bells and whistles either. Just configure ssh, drop your repos in /srv and get to work.
If you need more that just standard basic git the. The other suggestions here are great especially forgjo!
I will look into it, thank you for that!
I’m aware this is the selfhost community, but for a company of 20 engineers, it is probably best to use something commercial in the cloud.
Biggest pain point was for our ops guy, who constantly had to stay behind to perform upgrades and maintenance, as they couldn’t do it during business hours when the engineers are working. With a team of at least 20, scheduling downtimes could get increasingly more difficult.
It also adds an entire system to be audited by the auditors.
The selfhost vs buy commercial kind of bounces back and forth. For smaller teams, less than 5 to 10 engineers, it might be a fun endeavour; but from that point on, until you get to mega corp scale with dedicated ops department maintaining your entire infrastructure, it is probably more effective to just pay for a solution from a major vendor in the cloud instead.
This is weird.
Hosts selected for updates will be unavailable from 2100-2110 or so. Then they’re up.
They’re done by at/cron if they’re selected.
There’s no manual work if the monitoring system thinks they’re okay.
Gitlab-ce on-prem. Although that may now suck since they’re being bought out; and we all know how that went for redhat.
That really depends on who buys them. If it’s something like Datadog, maybe that’s a good thing and they can compete with Github better. It’s probably not great for self-hosters, but it could be a great thing for the commercial software ecosystem.
Git should be able to go down during the day. Worst case you just can’t push to origin for a little while. You can still work and commit locally.
No PRs means no automated tests/CI/CD, which means you’d slow down the release train. It might typically be just a 2 minutes quick cycle, but that one time it goes off for longer due to a botched update from upstream means you’re never going to do that again during business hours.
Eh, we’ve had our self-hosted Github go down for a couple hours in the daytime, and it wasn’t a big deal. We have something like 60 engineers spread out across the globe, about 15-20 that were directly impacted by the outage (the rest were in different timezones). Yeah, it was annoying, but each engineer only creates like 1 or 2 PRs in a given day, so they posted their PRs after the outage was resolved while working on something else. Yeah, PRs were delayed by a couple hours, but the actual flow of work didn’t change, we just had more stuff get posted all at once after the problems resolved.
In fact, Github would have to be out for 2 days straight before we start actually impacting delivery. An hour or two here and there really isn’t an issue, especially if the team has advance notice (most of the hit to productivity is everyone trying to troubleshoot at the same time (is it my VPN? Did wifi die? Etc).
Nope. Hosting in the cloud isn’t possible due to legal reasons.
I don’t think that downtimes area serious issue for us.
We have similar (legal is paranoid about our competitors getting our algorithms), so we just put our self-hosted cloud stuff behind our VPN. Nothing we run is on-prem, but almost everything is in our cloud infra.
In our case cloud is fine, as long as it’s within our security boundary- so that means external SaS is out, but hosted within our cloud is fine. I’m still not super excited about the prospect of managing and maintaining it though :/ We’re going down this path because AWS is killing code commit and other pipeline stuff, which sucks because even though other tools are better, code commit was fedRamped and from the same vendor.
Must be very unique sector. Good luck with your explorations!
It is :) thanks!
GitLab CE self hosted
For the server I’ve used gogs for many years. It was easy to set up and has a web interface. What client you use is really up to you with git.
https://gogs.io/
I can vouch for Forgejo
https://forgejo.org/
Easy to set up, has a website GUI like Github/GitLab you can use git GUIs with it
https://codeberg.org runs on Forgejo
I’ve been looking at gitea because of its gitops capabilities that seem to be pretty much on par with github actions. Do you know if forgejo has something similar? There seems to be a lack of documentation in that area. This has been my only reason for not moving to forgejo but im hoping im wrong and just missed some documentation.
EDIT: Thank you all who provided some additional insights that I was missing. I’ll take the leap and give forgejo a try!
Forgejo is a fork of gitea, and it only became a hard fork earlier this year, so if gitea does something, forgejo probably does it as well.
Forgejo actions is basically GitHub actions. The difference in my ci scripts is a single line and you can even use GitHub action templates or whatever they’re called.
You just need to add some runners to your server, which is pretty easily doable by just using some docker container and deploying that multiple times
That’s the problem. GH actions su-huck.
In what way? Works for me
There are forejo runners and they seem compatible with a bunch of github actions. I created one that builds a docker image and publishes it on the repo.
Forgejo is leading the federated git initiative
Just to give credit where credit is due, git federation is a Forgefed Initiative
Forgejo is implementing it in their platform.
Sure, they are the same people
Any evidence of that? Genuinely curious as I can’t really find anything about them being by the same people and forgefed started as mailed-based prior to forgejo existing.
edit: seems like they are funded by different organizations and the main contributors to forgefed never worked on forgejo, they worked on vervis though.
I believe it was this issue that made me think this way
Thank you! That would be my go to for my own projects as well. As far as I know they don’t want company sponsorship. I am unsure about sustainability
In what regard?
That the project will be developed in a year or two
Maybe check how long it is already going, so it can give you some confidence. Forgejo is a fork of gitea, which is a fork of gogs.
Also, codeberg, a nonprofit from Germany, is supporting development.
https://docs.codeberg.org/getting-started/what-is-codeberg/
I’ll come out with an anti-recommendation: Don’t do GitLab.
They used to be quite good, but lately (as in the past two years or so) they’ve been putting things behind a licensing paywall.
Now if your company wants to pay for GitLab, then maybe consider it? But I’d probably look at some of the other options people have mentioned in this thread.
The company behind GitLab is seeking buyout offers, so make of that what you will.
My employer uses GitLab CE and it’s pretty good, and it is FOSS. The EE version is “open core” so not really FOSS.
If I were starting from scratch I’d be looking into Gitea/Forgejo as well.
I’m all for foss but foss shall not be a reason to stay behind. We’ve got enough money to pay for it. We just can’t host it anywhere. We have to selfhost it. If there’s a good reason to use gitlab over forgejo, we will use gitlab.
Gitlab’s main advantage is the tight integration with CI/CD and a web based IDE. But it has some annoying limitations in the non-enterprise version.
Forgejo is great, but it comes with only community support.
You can get commercial support from the Gitea project (from which Forgejo forked off), but if that is something important for you, Gitlab has probably also better commercial support structures in place.
Thanks for the sum up
Money is not an issue. We’re happy to pay for everything. I’ll talk to the others in the next round to get to a conclusion.
Yeah, for the integrated CI/CD, give GitLab a shot - it saves on spinning up a Jenkins or ConcourseCI server.
CI/CD can be useful for triggering automation after merge requests are approved, building infrastructure from code, etc.
I would go with Gitea or Forgejo (not sure how this is going to last) if you need a complete experience like a WebUI, issues, PR, roles and whatnot.
If you’re looking for just a git server then gitolite is very good and solid option. The cool thing about this one is that you create your repositories and add users using a repository inside the thing itself :).
Then you can use any Windows GUI you would like like Fork, SourceTree, your IDE etc…
If you only need a bare minimum, and don’t plan to heavily use CI/CD, container/packages registries, integrations with other tools i would go with gitea/forgejo (you can always use external tools on top), else i would use selfhosted Gitlab, it has pretty much all the things you could imagine to need with software development and deployment
+1 for Gitlab. As the number of developers increases the features of Gitlab will get more and more important. Only OP can say, but if they’re closer to 9 developers than 2, I think it’s a safe bet they’ll need the extra features sooner rather than later.
At work we selfhost gitlab (paid) and I’m checking gitea for my own projects. They have a good comparison table at https://docs.gitea.com/installation/comparison
Do you also need CI/CD?
Also working in a small team with Gitea. Pretty solid the last few years.
Same. Really happy with it.
Is there a reason to choose gitlab over gitea?
We do not need ci/cd
If you don’t need CI/CD I’m not sure why you need a centralized frontend at all. Git itself is distributed and you can setup any code flow you can think of. It has hooks that can be used to set up code quality checks on select branches. There are local history browser apps for every platform and IDE plugins.
A frontend is no substitute for developer communication — usually what the “PR” thing does is sugarcoat the fact the devs don’t know how to use Git and/or don’t talk to each other.
If you don’t need CI/CD I don’t see any reasons to choose Gitlab over gitea. But I’m still testing gitea so take my words with a grain of salt :)
Gitea also has excellent CI support with builtin compatibility with github
Gitea or forgejo, for hosting your repo and managing access rights. WoodpeckerCI when you eventually need a CI/CD. (Is a fork of DroneCI and integrates nicely with gitea.)