#GitLab
@publicvoit We really need a user-friendly alternative to #GitHub. Love seeing that both @forgejo and #GitLab work on ActivityPub support. Can't wait to try it out.
Not many CI providers can brag about having users as prominent as #Debian. Got to give it to #GitLab. https://about.gitlab.com/blog/2023/09/19/debian-customizes-ci-tooling-with-gitlab/ #DevOps #DevSecOps #OpenSource
Looks like #gitlab's new interface is still buggy? When clicking on the (+) symbol to create something new, I get just this white line (both in FF and Chrome):

Good to see #GitLab chipping in to take over the on-premises #Atlassian people on JIRA and BitBucket. That combo felt outdated years ago. https://about.gitlab.com/blog/2023/09/26/atlassian-server-ending-move-to-a-single-devsecops-platform/ #DevOps #DevSecOps
"#GitLabSecurityRelease 🛡️ - Unveiling GitLab 16.4.1: A Step Forward in Secure Coding 🚀"
GitLab has released important security updates (versions 16.4.1, 16.3.5, and 16.2.8) for both Community Edition (CE) and Enterprise Edition (EE).
These updates address various security vulnerabilities, including high-severity issues like an attacker being able to execute pipelines under another user's context, impersonation of users in CI pipelines during group imports, and code owner approval bypass.
Other medium-severity issues include source code leakage through forks, a third-party library patch requiring configuration changes, service accounts not being deleted with namespace deletion, and Single Sign-On (SSO) settings bypassed for public projects.
There are also lower-severity concerns such as unauthorized access to CI/CD variables, asset proxy bypass, and unauthorized manipulation of branch permissions.
GitLab recommends all users to upgrade to the latest security release for their supported version to maintain good security practices.
I've included a list of all the high-severity fixes mentioned in the provided GitLab security release summary:
Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project
- Affects versions: 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1
- Description: An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
- CVE: CVE-2023-5207
Group import allows impersonation of users in CI pipelines
- Affects versions: 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1
- Description: Attackers could impersonate users in CI pipelines through direct transfer group imports.
- CVE: CVE-2023-5207
Developers can bypass code owners approval by changing a MR's base branch
- Affects versions: 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1
- Description: Code owner approval was not removed from merge requests when the target branch was updated.
- CVE: CVE-2023-4379
For more details on each issue and how to update GitLab, visit the GitLab security release page. Additionally, Exiftool, Mattermost, and the Auto deploy image have also been updated to address security issues. 🏰💻🔐
Source: GitLab Release Notes
Tags: #GitLab #SecurityUpdate #Cybersecurity #SecureCoding #DevSecOps #InfoSec #PatchManagement #VulnerabilityManagement 🌐🔒🛠️
ActivityPub mentioned in Thoughtworks’ Technology Radar:
“We expect ActivityPub will play a significant role in [social media interop], but … we’re intrigued by the possibilities beyond the obvious use cases in social media. An example is ActivityPub support for merge requests, recently proposed for #GitLab.”
They got that right!
Registration for the 10th annual @hacktoberfest is open now https://www.fosslife.org/get-started-open-source-hacktoberfest #OpenSource #hacktoberfest #hackathon #Git #GitHub #GitLab

Development platform: #GitLab 16.4 with customizable roles | Developer https://www.heise.de/news/Entwicklungsplattform-GitLab-16-4-mit-anpassbaren-Rollen-9317734.html
I have published both my follow and block list here on Mastodon onto GitLab.
Use it at your own discretion.
https://gitlab.com/Linux-Is-Best/linux-is-best-mastodon/-/tree/main
I'm beginning to build a sense of dread about the delay in #gitlab's open source program renewal responding to applications.
It's weird, I'm using #Gitlab a lot but I wouldn't be able to tell you what the "Jobs" view layout is. That is until they move stuff around like for example the job's current run time.
I just stared at the place where I look normally and was completely baffled where the time went. Until I noticed that they moved it to the front, under the "Running" bubble.
It's nice that this auto-updates and all but it can really be confusing for a moment when your accustomed UI changes from under you 🤪
#gitlab #pages #sphinx #URI #CoolURI #GitlabPages #DoNotUseUniqueDomain
- https://www.bortzmeyer.org/beaux-urls.html
- https://www.w3.org/Provider/Style/URI
Uncheck "Use unique domain" to get nice URLs with gitlab pages (it has been checked since version 16.4 (2023-09-22), which gives horrible URLs for new projects)

@mlahlalalah
Yeah, that gives a good idea of how urgent it is to build an #OpenDemocraty in the style of #Wikipedia / #OSQA, with votes and text tracking in the style of #Github (yes, #GitLab) 🙄
(yeah, I know it's complicated... or else we ask the #IA and say amen 🤭 😂 )
PS: https://eautarcie.org is the site I used as the basis for designing my whole water management system (wastewater/greywater, rain, pond/natural pool).
I am glad to announce that the pip package #mkdocs-tex2svg , that renders #maths #variations #tables directly inside mkdocs #markdown files, with the #tikz-tab syntax, natively compatible with both (mkdocs) dark and light modes (as other #LaTeX snippets as well) is now compatible with the new #Archlinux #texlive packages ( #texlive-meta )
Compatible with #gitlab pages and #github pages
Examples Here : https://eskool.gitlab.io/mkhack3rs/maths/tables/examples/
#eskool #maths #variation #tables #mkdocs #markdown #mkdocs-tex2svg
@JMMaok @Codeberg I believe an option to log in with GitHub or GitLab on Codeberg's login page is a single sign-on implementation (https://en.wikipedia.org/wiki/Single_sign-on).
Just as some websites allow logging in with a Google account, #Codeberg allows logging in with a #GitHub or #GitLab account.
I don't think there's any practical difference between logging in with accounts registered with those services and using a password. No matter what you use, all functionality should be available.
#GitLab has released version 16.4, introducing customizable roles, group-level dependency list, workspaces for private projects, and the ability to bulk change the status and comment on multiple vulnerabilities.
https://alternativeto.net/news/2023/9/gitlab-16-4-released-with-customizable-roles-group-level-dependency-list-and-more/

Is there a way to enter the exact container/execution environment of a #GitLab pipeline? Like ssh? The turnaround time debugging CI problems is frustratingly slow.
(I know sourcehut is apparently leagues better when it comes to CI, but this is not what I'm asking for)
"Native #code intelligence is coming to #GitLab"
https://about.gitlab.com/blog/2019/11/12/sourcegraph-code-intelligence-integration-for-gitlab/
@dnsmichi Note the MVP was @kik for their work with this MR:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127023
which is the first step on the epic to add #ActivityPub support into #gitlab !
#Security patches for #GitLab, Trend Micro and Atlassian, #Microsoft loses 38TB of sensitive data, #Cyber attack on ICC, new threat "Sandman" discovered and #Europol shuts down dark-web marketplace #Piilopuoti.
https://www.lastbreach.de/blog/die-weekly-hacker-news-230925
💥 #GitLab 16.4
🛡️ Customizable roles & fine granular security permissions
🗺️ Group/sub-group level dependency list
🔐 Remote development workspaces for private projects
📦 Private registry support for Operational Container Scanning
🔑 Access clusters locally using your GitLab user identity
🌱 Custom email address for Service Desk
... and more: https://go.gitlab.com/VQXyYw
So after many years of using #GitLab CI/CD yaml config I created my 1st set of #GitHub action workflows.
I find it disconcerting having to trust the authors of the actions you use, and it's also a PITA having to work out what parameters each one takes ('cause they are different).
GitLab script sections are just shell scripts and personally that seems a lot easier...
Maybe once I become more familiar with actions it will be less like hard work
Just my 2c
#Gitlab warns of critical security vulnerability | Developer https://www.heise.de/news/Sofort-Updaten-Kritische-Luecke-in-Gitlab-9311249.html #Patchday #CyberCrime #Hacking
GitLab Users Advised to Update Against Critical Flaw Immediately – Source: www.darkreading.com https://ciso2ciso.com/gitlab-users-advised-to-update-against-critical-flaw-immediately-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #GitLab #Users
Desktop #Anki app has this #Github-like activity graph, so I can compare my habit of repeating #German #language cards to my #programming activity on #Gitlab.
Well, my priorities are obvious. Not really, though. Programming and committing requires sitting down and actually working on it, which is hard since I develop software as day job. While repeating cards takes no more than 10 minutes a day and can be done while I commute, so I don't have to make the time, the time makes itself.


#AI & #ML are shifting from "nice to have" to "MUST HAVE" in the world of #softwaredevelopment!
23% of organizations are already using AI in software development, with 60% using it daily!
Ready to be a part of this evolution? Read #InfoQ for more insights: https://bit.ly/460tcwz

Your regular reminder that you should be reviewing the commit message as much (if not more) than the code.
You have tests to ensure that the code someone else wrote is correct, but only **you** can check that the commit message is correct.
#Gerrit did it right, #GitHub and #GitLab are differing shades of wrong.
This might seem #obvious but I'll say it anyway:
If you're high when programming, do not commit to main.
(End of public service announcement.)
#git #github #gitlab #programminglife #programming #branch #devlife #devs #drugscene #drugs
🚨 Critical Security Alert! #GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Protect your code—update now: https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html
The company behind the DevSecOps platform for software innovation, GitLab is seeking professionals in engineering, sales, product design, finance, legal, and more! Browse open positions now on #OSJobHub https://opensourcejobhub.com/company/706/ #DevSecOps #GitLab #OpenSource #sales #engineer #security #paralegal #accountant #jobs #career

In light of the severity of the vulnerability, GitLab urges users to promptly apply the available security updates.
#Cybersecurity #Gitlab #Vulnerability #Update
https://cybersec84.wordpress.com/2023/09/20/gitlab-pipeline-flaw-urgent-security-updates-released/
FWIW
https://staruml.io made #UML fn again
just a little disappointed by the import/export extension
it's not that good and should, really, be part of the app itself
and it could use some additional shortcut keys
it's very light weight (unlike many other bloated java apps), it looks great (comes with darkmode!!) and it's snappy
file is JSON and can be versioned in #GIT
and there is a #CLI, but need to see if I can use it to generate #GitLab pages with clickable documentation in HTML
"🔍 GitLab's Critical Pipeline Flaw - Update Now! ⚠️"
GitLab has rolled out security patches for a critical vulnerability that could allow attackers to execute pipelines as other users. Ensure your systems are updated to stay protected. 🔄🛡️
Source: BleepingComputer
Tags: #GitLab #Pipeline #SecurityUpdate #CriticalVulnerability
I used to think I was good at writing resumes.
Years of working at #GitLab which is very results oriented, I realize I wasn't bad, but not great. In libraries, we were very focused on responsibilities.
(a couple of examples in replies)
⚠️ Beware:
#Gitlab has a Critical #Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE).
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
I'm thinking of starting a new project to program some multi-objective optimization, but I don't know where to host it.
I'm going to leave GitHub because of who is behind it (Microsoft) and the fuss there was over not respecting projects' licenses
I've considered Codeberg, although they are having problems because of the number of people and requests, which puts me off a bit.
I also have the option of GitLab, which I have lying around as a mirror of my old GitHub repos.
Any opinions/recommendations?
Oh, nice, #GitLab :gitlab: seems to be (potentially) accepting merge requests for "Add mastodon :mastodon: as a social in profile with the rel=me for verification" https://gitlab.com/gitlab-org/gitlab/-/issues/390277
That should be fun to add, wouldn't it?
A self-hosted #FOSS alternative for #Gitlab Snippets and #Github Gists, you ask?
Well, consider @realaravinth #Gitpad. And where it's still rough round the edges, your contributions will fit right in 😉
🤖 The Inner Dev learning AI/ML
Learn C++ with a little help from AI @sugaroverflow
AI/ML implementation security - #GitLab Global DevSecOps AI report
Civo machine learning with Kubeflow
MLflow in GitLab
OpenLLMetry for LLM #Observability
https://opsindev.news/archive/2023-09-16/#the-inner-dev-learning-aiml
⚡ Ops in Dev newsletter, September 2023: LLM #Observability, #eBPF for chaos engineering, auto-instrumentation with Odigos, IAST, #GitLab #DevSecOps AI report 💡 eBPF Summit insights
https://opsindev.news/archive/2023-09-16/#hey-lovely-to-see-you-again
Thread 👇
@btp #Azure outage today. #BitWarden logins are down too: https://status.bitwarden.com/
I recall #GitLab using Azure for things, so that's probably related.
@cadey (regrets for recurring themes, but) #nix -build is dynamic values assigned to environments, so nix-shell is dynamic values assigned to venvs, so besides a reproduced build env in a bash shell (with the latter), is there any other functional difference between them?
As , in both ain't very different from gitlab-runner -l debug --debug run --config config.toml --service gitlab-runner
#gitlab
nix-channel / copy-closure : Aside from nix-copy-closure, Nix offers another pull deployment mechanism that is more powerful and more commonly used, namely: channels. This is what people typically use when installing "end-user" packages with Nix.
hydra : CI
Help, is there a “stop trying to show me “Create merge request”” option in #gitlab? This is driving me crazy.
Yes, I have several active branches. No, I don't want to see that popup after every single push.
Thanks.
Caching between builds
Fast rebuilds
Sharing between builds, even between different #gitlab projects. #nix
https://gitlab.com/fresheyeball/nixos-gitlab-runner
podman \
run \
-v mystorage:/home/podman/.local/share/containers:rw \
--rm \
--security-opt label=disable \
--user podman \
quay.io/podman/stable \
podman \
run \
--rm \
docker.io/library/alpine \
ls /
#stackoverflow is still cool for finding answers
it works, all that's left to do is to automate it with #gitlab runner
Well, I guess I will not sign in to #GitLab, then. Gotta love the CloudFlare “are you human” loop playing ad nauseam. Turned off all content blockers, cleared site settings, to no avail.
#CloudFlare's “challenge platform” returns a 401 for one resource, I think that's the culprit.
I’ll not look at my repos today, I think. Either way, this is bullshit
#pipglr , a #Podman -in-Podman setup to stand up your own rootless #GitLab Runners using rootless Podman. This approach does not require any changes to your .gitlab-ci.yaml configuration, so you can continue using your existing setup as is.
i am new to managing this on my own, so atm trying #trivy for that, let's see
I (finally) gave @simon Simon Willison's shot-scraper a try and... 🎉 it's amazing! In 10 minutes, I put together a little GitLab CI pipeline that takes a screenshot of a website and serves that screenshot via Pages. #gitlab
🌐 Pages site: https://brie.gitlab.io/shot-scraper-ci/
💚 .gitlab-ci.yml: https://gitlab.com/brie/shot-scraper-ci/-/snippets/3596400
🤭 I used my gitcute.cat site for testing -- of course! 😹
The 7 Best GitHub Alternatives for Hosting Your Project
#beanstalk #bitbucket #codecommit #git #github #gitkraken #gitlab #rhodecode #sourceforge
https://www.makeuseof.com/tag/best-github-alternatives/?utm_medium=erik.in&utm_source=mastodon
Migrating Arch Linux's packaging infrastructure to GitLab
https://about.gitlab.com/blog/2023/09/11/migrating-arch-linux-packaging-infrastructure-gitlab/
#archlinux #gitlab
GitLab is starting work on implementing ActivityPub, which will hopefully lead to a full implementation of ForgeFed, allowing interaction between accounts and projects across forges:
https://docs.gitlab.com/ee/development/activitypub/actor.html
Coming from #gitlab CI, I find #github actions so confusing. Why is there an image/action to "checkout the repo"?!
Even the Github docs themselves prove it's a lot more convoluted in comparison: https://docs.github.com/en/actions/migrating-to-github-actions/manually-migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions
If you're curious, here's how the Fedora Websites & Apps Team used GitLab to develop our new website!*
#Fedora #GitLab #WebDev
➡️ https://about.gitlab.com/blog/2023/07/11/building-new-fedora-project-website-with-gitlab/
*Can we still say it's new? It took a long time to make 😅
If you were starting a new side project and you wanted to host in a git site, which would you do? #github #codeberg #gitlab #sideproject
Have you ever found the #GitLab #handbook helpful, especially the #CustomerSupport section?
Let me know!
If you have an account, you can comment directly in https://gitlab.com/gitlab-com/support/support-team-meta/-/issues/5415
Imagine a world where you could self-host your own #git instance, and then interact with repositories from other instances, like adding a star, creating issues, and pull requests. You wouldn't need multiple git accounts for little things anymore!
I heard @forgejo is currently working on this and I'm excited!
I hope I can finally delete some of my duplicate accounts.
And now just imagine: How cool would it be if #forgejo, #gitlab and #github all implemented the same #federation protocol!
We ran out of free #GitLab #CI minutes this month and I've just had to fix a linking error in #inkscape main caused by not having code compiled before being merged.
This is a good and bad sign. We're hitting the limits of the resources the project has at its disposal because our activity this month has been very high with the paid #Gtk4 migration work.
Some of the new code from our contract workers is looking really good by the way. Lots of valuable cleanup along with fixing the core issues with the upgrade.
#foss #project #opensource #softwarefreedom #sfconservancy #git
🌴 At #GitLab we love swag, but to improve sustainability, we are also now offering to plant trees in the names of our wider community contributors.
We have started by planting a tree for each of our Core team members. Fancy helping us grow our forest? https://tree-nation.com/profile/gitlab
Everyone Can Contribute 🌱 https://about.gitlab.com/community/contribute/
Support ActivityPub for merge requests, https://gitlab.com/groups/gitlab-org/-/epics/11247.
> The goal of those documents is to provide an implementation path for adding fediverse capabilities to Gitlab.
w00t
It’s nice to see #Gitlab working on adding federation (https://gitlab.com/groups/gitlab-org/-/epics/11247) but I wish they’d collab with @gitea etc. that have been working on this topic for a few years now (https://github.com/go-gitea/gitea/issues/14186)
So, if #Gitlab does this, and #Gitea follows along, I will move all my repos from GitHub to a self-hosted Gitea instance. What’s keeping me on GitHub right now is ubiquity. https://toot.cat/@zkat/110953233830185964
Another interesting tidbit from the #Gitlab #ActivityPub thread which may well also apply to other #fediverse software:
"This also is a rich target IMHO for very, very large organizations, such as the US federal government and the States, which consists of various departments, ... and partners that ...need separate control over instances but need ...controlled collaboration across them."
That kind of thing was one of the original use cases @evan had been working on back in the days, right?
If #Gitlab start supporting merge requests etc over #activitypub, what will #GitHub do?
A few weeks ago I asked about Fediverse apps that are as unlike Mastodon as possible. People pointed me to some quite interesting ones, like playing chess over ActivityPub or public transport delay announcements https://social.coop/@J12t/110843539252937792
Today I hear that #Gitlab is working on decentralized merge requests over #ActivityPub! If this comes into being, this could be a really major development for the #fediverse. https://gitlab.com/groups/gitlab-org/-/epics/11247
Learn C++ and enter the 🐉 Dragon Realm with my new blog post!
🎮 We'll craft a text-based adventure game using #GitLab Duo Code Suggestions as an AI sidekick
✨ it's giving magical ✨
Does anyone know if #GitLab has anything similar to the "workflow commands" ( https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions ) that #GitHub has?
I'd love to integrate my linter #Regal in GitLab CI pipelines, and it would be sweet if the output could actually annotate the #Rego source code at the location of a violation.
Looking at the GitLab docs I'm thinking "no", but I'd love to be wrong about that!
Got a proof-of-concept of sitespeed.io (https://www.sitespeed.io/) working in a Gitlab CI process without having to run docker in docker and without having to use the premium-only snippet (https://docs.gitlab.com/ee/ci/testing/browser_performance_testing.html#configuring-browser-performance-testing)
Blog post coming soon!
My thinking here is that @huggingface is an acquisition target for #NVIDIA because they don't have an #MLOps platform offering - I also wonder where #GitLab sits in all this too ...
Thank you Dannyel Fonseca for sharing your #gitlab contribution experience 🦊
Everyone can contribute 🙌
Contribution is everywhere ✨
Hackathon 👾
Boost your CV 🚀
Final thoughts 💭
@dnsmichi Unfortunately termsvg did not work, but I found a subproject of Asciinema. #agg #asciinema #gitlab #markdown
@dnsmichi I think it should be possible if I convert the file with termsvg from demo.cast to demo.svg. #asciinema #gitlab #markdown #termsvg
@dnsmichi I have a quick question.
When I run the command asciinema rec demo.cast there is no file uploaded to the server. Can I save this file in a repository and embed it in a README.md?
Is this possible or do I need to convert the file demo.cast to another format?