GitLab looks for users to CI to eye: Come join us on the happy path
Source code, pipelines and boiling frogs
Interview While many cloudy companies aim for four nines of uptime, it was four ones for GitLab today as the source shack celebrated the release of version 11.11 with a chat with The Register.
GitLab is known for its source code management and, more recently, its CI/CD tooling. Helpfully coinciding with Kubecon, the gang has emitted a release aimed at the orchestration technology.
Users of the self-managed incarnation of GitLab (running it on-premises or in the public cloud) can now provision a cluster at instance level, with all projects in the instance making use of it for deployments.
While Kubernetes integration is a crowdpleaser at Kubecon, at least as useful is the arrival of a new executor to the GitLab Runner for Docker Containers on Windows, bringing to an end the hokey practice of using the shell executor to make things happen.
Being able to use Docker Containers for Windows directly will simplify things for fans of the Microsoft platform and, the company hopes, open up more options for pipeline orchestration for Windows users.
Because GitLab is all about the CI these days.
Marin Jankovski, an engineering manager at GitLab, described the Windows functionality as "amazing", defining a Runner as "a binary that you set up on any of your machines and you can execute any sort of code that you want."
Nice, unless you were working with Windows, in which case you were out of luck.
Jankovski went on: "You couldn't run that binary on Windows and now we're finally getting that, which means that any project that depends on a Windows environment can now use DevOps CI without any hassle."
Because let's face it, the last thing a DevOps pipeline needs is extra hassle. Many tend to be held together with the computing equivalent of duct tape, spit and prayers.
Release 11.11 also adds deployment events for Slack and Mattermost and guest access to the Releases page, meaning a guest can download whatever is published without nabbing the source code. Other tweaks include a caching proxy for frequently used Docker images and the usual wide array of modifications contributed by the community for the monthly update.
And because GitLab has the one codebase, that update is flung out to self-managing customers as well as those letting GitLab manage things for them SaaS-style.
While the company will backport fixes for three prior releases (maybe more for a security issue) the expectation is that customers will maintain the cadence set by the company.
If you're working with anything older than three months, while GitLab might try to help, any assistance will be prefixed with "Hey, how about that upgrade?"
Jankovski added: "They can patch the code if they want; it's open source, right? So they can do whatever they want..."
What could possibly go wrong?
Ransomware? We've heard of it
Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has itREAD MORE
The GitLab gang is, like its competitors, taking the recent repo-ransomware outbreak pretty seriously. Brandon Jung, VP of Alliances and member of the Linux Foundation Board, told us that the company "will always be working on how do we get to a default, high security setting for our customers", with credential and secrets management taken care of and code scanned.
However, as both he and Jankovski admitted, if a customer really wants to, "they can do something dumb."
Harsh, but fair.
While the company's origins are in source management, the San Francisco-based outfit (recently valued at $1bn after slurping up more investor cash) has a stated goal of getting into the whole DevOps game and Jung, modestly, reckons it's there, telling us that "CI is a huge focus. And it has been a really easy win for a huge number of our customers, since we ship it all together, it makes it extremely easy."
The company's habit of eating its own dogfood helps, as Jankovski explained "everything that you're seeing now, is because we ran into these problems and provided solutions to ourselves first, tried and tested them in our use cases. And now when our customers are going through the same path, it's smooth, it goes very easily for them."
Handy, because GitLab is not the only game in town – customers are spoiled for choice for DevOps vendors. They all making the same Holy Grail claim of affording a complete end to end solution for developers tired of fixing broken pipelines instead of writing code. However, the source shack does have the advantage of having a foot in the door already in the form of repositories.
Going forwards on the CI front, Jung told us that the gang plans to put resource into security around the pipeline, with some extra work going into dynamic code analysis.
Jankovski added wistfully that what the team really wanted was for customers to stop turning off the built-in GitLab CI features in favour of the likes of Jenkins or Jira. But, if users remained wedded to their old DevOps friends, then the company was happy being "the modern Git source code management" in a customer's "old CI".
GitLab on GitHub
On the competition, Jung and Jankovski were unsurprisingly frank. After all, GitLab enjoyed a bit of sport at GitHub's expense, highlighting the jump in repos moving to its platform at the time Microsoft announced its intentions.
The duo joked that with the arrival of GitHub credentials in Azure, the long-awaited Git365 rebranding might be in order.
Jung, however, expressed concern at the direction of travel of open source, remarking that "when you see more and more come out, it's a little bit like boiling the frog" and as for GitHub's evolvution under Microsoft's stewardship: "you watch each little piece that gets added in, it's like, oh, here's more security. Here's other pieces..."
In an interview with The Reg earlier this month, Microsoft's Gabe Monroy responded to worries over the influence of the company with the comment "I would hope that people could judge us by our actions."
For its part, Microsoft has stated that it is painfully aware that it stands to lose far more than the billions it paid for GitHub if developers desert the platform. Even the EU's sometimes-prickly watchdog stated that if the water got too hot, coders would be able hop out somewhere cooler.