This is a rough summary of what all I read in the blog post:
1. projects. replaces trello, waffle.io, zenhub and many other similar services.
2. code reviews allow approval/request changes as sunny's screenshot shows
3. reviews can be made mandatory.
4. github platform integrations is getting a roadmap
5. a graphql api to query their database
6. enforce 2fa in organizations (much love for this one)
7. summarized timeline for your contibutions
Just a few days back, at the GitLab release, I'd noticed a lot of complains about gitlab releasing useful and impactful features and github being slow on releases. Moreover, now with a public roadmap (even if it is just for platforms), it is a great start.
I'm really liking this change in pace.
mods: Can we make this the canonical discussion for this topic? Otherwise, a lot of branching will happen
I agree with you that the pick up in pace of Github's lacking features has been phenomenal, and I don't really quite understand all the love of GitLab except rooting for the underdog. Github is the clear industry leader, has been since essentially it's creation. It is very fast and feature-filled. It is the central location for the vast majority of code I use and see. Since the open letter to Github with the complaints of feature requests, they've really stepped up their game and made competitors really non-starters from my point of view.
The Enterprise edition features[1] are closed source, and these aren't strictly "enterprise-y" features like SAML authentication. It includes plenty of "basic" workflow features found on GitHub:
- Rebase merge requests before merge
- Use fast-forward merges when possible
- Create templates for issues and merge requests
- Display merge request status for builds on Jenkins CI
Take a look at Phabricator. It's a former Facebook project and been battle-tested at very large companies for years now. Huge open source projects like Blender, Haskell, Wikimedia and LLVM use it since it's the best open source code review tool and issue tracker. Wikimedia had a lengthy decision process and thoroughly vetted the alternatives.
It has many enterprise features including code ownership, issue templates, and a Gerrit like, sane code review workflow. You can fully integrate it with your CI tool and it even displays coverage results inline and such.
Ask me anything about it :) I'm not affiliated with it but am an experienced user.
I used Phabricator at a former employer, and it was one of the best software tools I've used. I'm always flabbergasted that it doesn't have more mindshare, especially when it's used internally at Facebook.
it's either self-hosted or at least $20/user/month. This alone makes it a bit of a hard ask for smaller companies at first, even for just kicking the tires.
It's worth noting that the first 30 days are free, and all 3 source control systems it offers have fairly painless synchronization, so there's low risk IMO.
On top of that it was really painless to install locally. I had it setup in under an hour, and that included my first time ever setting up my webserver with php, and first time configuring a mysql instance.
Phabricator is also pretty amusing in terms of UX (by default), which is helpful when dealing with things that tend to anger folks -- like spirited reviews. I've often wondered if the sense of humor is half fun, half intentional in terms of psychologically making tedious work better for all involved. Even if accidental it's a nice thought.
Based on my experience, Phabricator has some quirks but is quite solid, and the well-designed command line arc workflow would please folks who refuse to open a Web browser.
I'm evaluating GitLab at work currently - primarily for its code review features and really like it. Read a lot about Phabricator yesterday as a possible alternative, and am considering testing it.
I wonder how it compares to GitLab. Is it possible to set up protected branches, where I can say, only users X and Y are allowed to push to the master branch? Can I do a code review and then finalize it when I'm finished and does the author get notified with a summary like the new GitHub code review feature? Because currently in GitLab the author does get a notification email for every line comment I make, which is also not really the perfect way of doing it.
I already know that Phabricator squashes the changes into one commit, I think I can live with that. (because it promotes small code reviews) Does Phabricator have any problems with git rebase, where I'm refreshing a feature branch with the most recent master state? What I really like about the merge/pull request workflow of GitLab is, that multiple developers can work together on one feature branch while a merge request is open and can be used as a discussion platform for the changes - is this possible with Phabricator?
Also I'm wondering how solid the issue tracking is, and if the project workboards can compete with Trello. Can it be used by non-developers without giving them access to the code?
>Is it possible to set up protected branches, where I can say, only users X and Y are allowed to push to the master branch?
Yes. I recommend (and my employer uses) a Herald rule that admits pushes to master only if the changes are in an approved Diff (unit of code review). This way you get an enforced 2-man rule, but anyone besides the author can approve the change.
This is currently impossible with Gitlab AFAIK, and is the main reason I won't use it.
You can also configure Herald rules to add blocking reviewers to other people's Diffs based on arbitrary criteria (i.e. touches X file and it's a Tuesday). A Diff cannot be considered approved until all blocking reviewers have signed off.
Reviewers can also be groups, so you could say, for example, changes that touch Y file must be reviewed by Security, but any member of Security can sign off.
>Can I do a code review and then finalize it when I'm finished and does the author get notified with a summary like the new GitHub code review feature?
Yes, everything you do on a Diff is batched and happens all at once when you click "Submit" at the bottom. Inline comments, the free-form text box, and the action all come as one email.
> What I really like about the merge/pull request workflow of GitLab is, that multiple developers can work together on one feature branch while a merge request is open and can be used as a discussion platform for the changes - is this possible with Phabricator?
A Diff is really meant to be an individual's small, well-defined contribution. Multiple people submitting code to a one diff can get messy. This would be better modeled as many diffs.
You are allowed to land diffs against branches other than Master, however this gets messy. It is not a first-class use case. My employer does not collaborate on feature branches; instead we land half-finished features into master (and production) disabled by feature flags.
It is NOT a merge/pull-request workflow. It treats Git more like Subversion; Phabricator is a very sophisticated alternative to emailing patches around before SVN committing them (basically the equivalent of landing).
>Also I'm wondering how solid the issue tracking is, and if the project workboards can compete with Trello.
Issue tracking is totally solid, very configurable. Project workboards consist of tasks/issues, which are much more expensive to create than Trello cards: you fill out a pagelong form, pick type, severity, owning team, title, description, etc. vs just free-forming a title. However, you can drag tasks around the workboard just like Trello and it looks pretty similar.
>Can it be used by non-developers without giving them access to the code?
Yes. Permissions (and approval flows, and notification rules) are very configurable. Phabricator is well suited to a large organization with rules, but this suitability doesn't carry too much overheard.
I don't think you could collaborate on issues with customers. Nontechnical people in your company, though, totally - we do that.
> It is NOT a merge/pull-request workflow. It treats Git more like Subversion; Phabricator is a very sophisticated alternative to emailing patches around before SVN committing them (basically the equivalent of landing).
Due to popular demand, they are adding some tools to allow merge/PR workflow. That being said, it was not stable last time I checked (~6 mo. ago), and it will probably take a while, if ever, for it to be as good as what's already there for Differential (the current code-review/landing system).
That being said, their existing tools are really good, and the fact that you are not married to a single VCS is really nice. You can have some legacy SVN repositories and be fine, and use the exact same interface for code-review and landing as in your shiny new git repositories. Prefer hg to git? No problem. Have some complicated gitolite setup you don't want to bother migrating? Phabricator works fine even when not hosting the repository.
Phabricator is awesome. It felt like it was more for experienced developers or larger organizations when I was using it(in a good way). Something to consider depending on your team.
So, when reading the features page, I was considering 1 and 2 in terms of a feature that I use at GitHub religiously: squashed pull requests (that are automatically fast-forwarded) [1].
If I'm reading this correctly, this exists in GitLab as an enterprise feature, so I think my earlier comment isn't too far off. There also appears to be some community feedback suggesting this should be a CE feature [2].
We already have these features, we just opted to make them EE/.com only since we think they are more relevant for organizations that have more than 100 potential users.
GitHub (annoyingly) can't do fast-forward merges from non-squashed PRs either.
Display merge request status for builds on Jenkins CI
GitLab implements basically the same API as GitHub for updating build status of commits from external services, or do I misunderstand what feature you mean?
But in general I agree, there are some options GitLab reserved for EE that really feel like they should be part of the CE as well.
Thanks for the admiration. If there are features that people think that should belong in the open source edition we're all ears. We've done so before https://news.ycombinator.com/item?id=10931347 A feature comparison between CE and EE can be found on about.gitlab.com/features/#compare
It seems like many posting there are not aware that this repository/bug tracker is not an official channel anymore -> maybe posting an automated comment in all issues with recent activity or locking them could help avoid confusion? If you arrive via search, you don't see the notice in the main repository description.
There are 100% open source products out there, and I think it's worth distinguishing that GitLab is not one of them (as a GitLab employee adds elsewhere, it's "Open Core").
I'm not criticizing the product – they're welcome to open or not open source whatever they like. I'm just clarifying the description the parent used.
It's only kind of open source, and only partly. They call it open core, so saying open source outright is a bit misleading.
The review feature is very new in GL, and that plus all of the things you are mentioning within "everything in one spot" is available in this update (except maybe the coding env, not sure what that means anyway), if you've read the announcement. Github also has self hosting.
That's a pretty misleading characterisation. You can browse the source code, submit issues, see what's being worked on, contribute PRs, and freely download and run your own instance of GitLab. A handful of enterprise features aren't open sourced.
I agree that it is better to call ourselves an open core company and our website and communication should reflect that https://about.gitlab.com/about/#stewardship If we're still using open source to refer to the organization somewhere please let me know.
Thanks. I was unaware this existed. Looks like it was launched in 2011[1]. Somehow I thought that with their (presumably, from what little I've gathered over the years) complex infrastructure setup this would be hard or impossible. I wonder if they have an Enterprise team devoted to keeping up with a SaaS mainline and how much work they have to do, or if they made/make some decisions that make this (Enterprise) a fairly self-contained "it just works" sort of thing.
Hi there - GitHub Enterprise definitely has a devoted team focused on building features tailored to the needs of customers requiring/requesting an on-premise solution, as well as making it entirely self-contained. We typically release a new version of GitHub Enterprise on a quarterly basis - you can see the latest additions we shipped with GitHub Enterprise 2.7 here: https://enterprise.github.com/releases/2.7.0/notes
We have companies scaling their GitHub Enterprise instance up to 25,000 users, and we also have a dedicated Enterprise Support team available 24/5 to resolve any technical issues.
Thanks for the answer straight from the horse's mouth! I'd often heard about companies storing their code on GH and didn't understand how they could get away with using a SaaS app available on a public cloud; now I know, they can just run a self-hosted version on their own private network.
I am not your target market, FWIW, but just a curious developer.
No worries - glad to provide the additional details!
We also recognize that having a SaaS solution like GitHub Organizations meets the needs of many companies (over 75,000 at last count), and our announcement of 2FA enhancements today is an indication of our desire to continue that approach.
Then be a fan of of GitLab for putting the fear of competition back into GitHub ;)
(It's of course not certain they are the reason they are moving again, but GitHub looked a lot like the market leader that feels like it doesn't have to bother much anymore. And they weren't entirely wrong.)
I think it was more the open letter to Github, which motivated both Github and GitLab (seen as an opportunity to compete).
GitLab's roadmap yesterday surely didn't motivate or spawn the "New GitHub Universe," and I wouldn't think that Github is very nervous about GitLab currently due to it's massive lead in the market. Maybe this new round of funding made some of the folks at Github look over at Gitlab, but I doubt too much else.
Ehh... dominance among open source projects, and Hacker News and Reddit thread cool points, is one thing. But in boring old terms of actually making money, how IS GitHub doing?
"Enterprise" is practically a swear word here, but that's where the meaningful paying customers are. From my anecdotal experience, Atlassian absolutely dwarfs GitHub in the enterprise world... and that's just the enterprises that are willing to host code in the cloud to begin with.
For large shops demanding an on-prem solution, GitLab seems to have a much better story than GitHub since that's really their business model bread-and-butter. For GitLab, the cloud hosting is basically just a marketing tool.
It's historically been tough to compare them to Atlassian because Atlassian has provided tons of other enterprise services like Jira and Confluence, and an 8 year lead plus going public, but I think Github is definitely working on better squeezing into the enterprise space with this current announcement.
At a small company here, and we moved from GitHub to BitBucket because both the pricing (a couple dozen private repos) and user-management were more friendly. User management is one of those things people hand-wave away until they're the poor sap who has to manage it.
> "Enterprise" is practically a swear word here, but that's where the meaningful paying customers are. From my anecdotal experience, Atlassian absolutely dwarfs GitHub in the enterprise world... and that's just the enterprises that are willing to host code in the cloud to begin with.
I was recently at an F1000 company and we did self-hosted GitHub Enterprise. While many services were duplicated across departments, there were a variety of other commercial VCS setups, and our GH was not highly available… there was a ton of buy-in to GitHub Enterprise. And, yeah, we did JIRA and Confluence (and SharePoint…).
I'm doing a gig for a F100 company now and, well, we've got GitLab. I dunno if I'm just more used to GitHub or if I actually prefer it to GitLab.
I think particularly here on HN, I've seen a good deal of concern over github's social agenda and the perception that they've hired a lot of non-engineering folks to push that agenda.
The alt-right is apparently everyone's favorite new boogeyman for use in thought-free dismissal
It's always disappointing to see a self-described intellectual community give over so heavily to such an obviously broken thought process, but humans being the emotionally manipulable creatures they are, it makes sense.
But the answer of self-hosting is a perfectly valid answer for "Why the love for GitLab?" when one = $0 in licensing, and the other = > $2,500/year in licensing.
Plus, not too long ago, GitHub restricted the number of free private repositories, for users and educational organizations. Although they offered educational plans for labs, it still had its limitations. Thus, free self-hosting was what attracted us to use GitLab in our lab.
GitLab's pricing model won a lot of people when GitHub's was ugly for anyone who wanted private repos (single guy at home with 10+ private repos for things like your dot files, etc? $20+ a month, for what likely amounted to under 1MB of disk space).
If I had unlimited money, I could hire an army of coders to write me a git platform with all the features I want, and host it on all the servers, everywhere. It's simply not feasible to talk about product features in a vacuum without considering the costs.
built in CI integration is a huge draw. There are also a nontrivial amount of companies that refuse to let source code "out of the building" so they need to self host, either for real reasons or perceived.
Very fast? Maybe in the US, but rest of the world still has oceans in between of them. Adding 200msec+ of latency to every request makes it feel very sluggish.
Maybe they should start looking into global rollout like Google, Facebook and basically every serious company having world-wide audience.
Here is some more competition in the form of a modular integrated tool 100% libre and open source.
With a single instance of Tuleap you can have per project wildly different configurations. One project can have a scrum dashboard with GIT and pull requests, while another can be kanban and SVN with Jenkins CI, and a third could even be setup as Waterfall with CVS or other combinations.
Issue tracking, or anything tracking really, document versioning and templates to get you started really quickly. It’s proven scalable as it’s already used by companies with more than 17 000 users with a single instance of Tuleap.
I would love some feedback as we are actively developing it with monthly releases. You can check it out at https://tuleap.org/
Our focus is going to remain on how to integrate a full-featured project management suite within the GitHub eco-system. The GitHub projects release will make a great foundation, and ZenHub will be there to provide the more advanced features like issue hierarchy (epics), time estimation and reporting. Lots of exciting releases coming soon for ZenHub users :)
At Waffle.io, we're all about making project management better for engineers. We believe it's awesome that GitHub is investing in this too, and we'll continue to make GitHub delicious :). More here: http://blog.waffle.io/say-hello-to-wafflebot/
I'm looking at https://www.zenhub.com/product, and while it does have some extra features (filters on priority, labels), but for most people the base set provided by github is gonna be sufficient.
Sure, it won't completely replace them, but GitHub building this as a platform counts as competition.
Using ZenHub also provides additional features like time estimation, burndown charts and Epics (for issue hierarchy) - we find that for larger teams, these are must-have features to work inside GitHub.
Founder of Zube here. GitHub Projects seems like a nice solution for very small teams, side projects and open source projects. However, serious teams need more powerful features like a well thought out workflow, support for multiple repos and burndown charts.
Shameless plug: Zube has all these things and more - https://zube.io :)
It looks like enforcing 2fa in an org (finally!) means anyone who doesn't have 2fa will be booted out (included whoever may be paying for it at the time) with an email explaining why. I'm afraid to tick the box because of this. :o/
Contact everyone, tell them they have a week, then tick the box. If they didn't do it within the week it's either not important to them or they'll add it right quick after you tick the box.
We have some "shared" users for things like bots, etc.. wonder how to deal with that since we don't want to enable MFA for them. Otherwise I'd be all over this..
For CI bots I think in the future you will be able to build an "integration" instead of using a user account. From the blog post
"We’re rethinking our integrations model to provide better ways for tools to extend and integrate with GitHub. We’ve added the ability for an integration to act on its own behalf instead of impersonating a user—making it a first class actor on GitHub without using a paid seat. Admins will have the ability to configure integrations directly on Organizations and control which repositories they allow access to."
Currently, we tell every new employee on joining the org to enable it, and review it a week later to ensure that they followed through.
It is the exact same with Google Apps as well (where you add the user to the 2faexceptions group and review+remove them a week later).
I was ready to flip the switch, till I realized that a third-party bot account in our organization doesn't have 2fa. Dropped them a mail, hoping to flip it by tomorrow (100% non-bot users have it enabled, so no one is getting auto-kicked).
Doesn't look like Projects comes close to replacing ZenHub / Waffle.. Not for proper teams anyway – real project management needs to be much more robust so I'm keeping ZenHub for now.
1. projects. replaces trello, waffle.io, zenhub and many other similar services.
2. code reviews allow approval/request changes as sunny's screenshot shows
3. reviews can be made mandatory.
4. github platform integrations is getting a roadmap
5. a graphql api to query their database
6. enforce 2fa in organizations (much love for this one)
7. summarized timeline for your contibutions
Just a few days back, at the GitLab release, I'd noticed a lot of complains about gitlab releasing useful and impactful features and github being slow on releases. Moreover, now with a public roadmap (even if it is just for platforms), it is a great start.
I'm really liking this change in pace.
mods: Can we make this the canonical discussion for this topic? Otherwise, a lot of branching will happen