[Evergreen-dev] Git Hosting question

Jason Stephenson jason at sigio.com
Thu Nov 5 11:29:56 EST 2020


Hi, Josh.

I see Galen has already answered your email with some suggestions. I'll
tell what we do and have done at CW MARS.

We currently host our own, private Gitlab instance on a virtual machine.
This makes sense because we have more than 1 person who accesses our
code, though mostly it is just me. The host is visible on the Internet,
but I don't think you can access the web interface unless you're behind
our firewall/using our VPN. SSH access for pushes and pulls is available
from anywhere but requires a public key on the server.

We manage several different branches for Evergreen. We have our main
custom branch with all of our changes and configuration in it. There is
a version of this that I attempt to keep up to date with master so that
creating branches for future upgrades involves less conflict resolution.
We have different branches for out test and training environments,
mostly around configuration differences. We make new branches for
testing new features before merging them into our production Evergreen
branch.

We do store database credentials and passwords in the config files in
the git repository for Evergreen. This simplifies the installation and
upgrade process. One just has to copy the files into place, and you
don't have to worry about editing passwords, etc. Since only certain CW
MARS staff have git access, this is not a huge security isse.

We also use git for tracking our other custom code: SQL database
updates, a maintenance website for when we take Evergreen down, utility
scripts, etc. We have separate repositories for each of these.

Users can have their own repositories, and we don't really restrict what
can go in their "personal" repositories, though it's not like we're
talking about a huge number of people. At most, we've had 6 people with
access, and only 2 or 3 of us ever really use git. Right now, I am
pretty much the only regular user of our gitlab.

We don't get automatic updates of pushes from git.evergreen-ils.org.
It's not that we can't. I just haven't set it up. Since the branches are
mainly for our own use, I don't mind manually updating the master branch
now and then

Previously, we ran our own local git managed via gitolite, similar to
what we do with the Evergreen community server. This works, but requires
more intervention on the part of the administrator to add ssh keys, etc.
Depending upon how much control you want over repository access that can
be a good thing.

The community has been talking for 3 years about moving from
self-hosting our git repositories to possibly going with GitHub or
Gitlab, hosted by Gitlab. I wouldn't hold my breath waiting on that, but
it could affect your decision.

One can have private repositories on most git hosting services, but I
guess it comes down to how much you trust those who are providing the
hosting and how sensitive your data is.

I also tend to prefer to have control over "my" data and code. When you
put it on someone else's server you are giving them de facto control of
your data and code regardless of what the EULA may say.

I could have gone into more detail, but this wall of text is already too
high.

HtH,
Jason



More information about the Evergreen-dev mailing list