User:SBassett (WMF)/Explorations/Gitlab

Gitlab local installation
The following setup steps were tested under MacOS Mojave (10.14.6) on a 2.2 Ghz Intel i7 running 8 Gb RAM. GITLAB_HOME=$PWD \ docker run --detach \ --hostname gitlab.test.wmf \ --publish 80:80 \ --name gitlab \ --restart always \ --volume $GITLAB_HOME/config:/etc/gitlab \ --volume $GITLAB_HOME/logs:/var/log/gitlab \ --volume $GITLAB_HOME/data:/var/opt/gitlab \ gitlab/gitlab-ce:latest
 * Install Docker locally, if you haven't, probably via Docker Desktop.
 * Give Docker enough local resources. Via Docker Desktop, setting 3 cores, 5 Gb of RAM and 2 Gb of swap worked fine.
 * Add  (or similar - whatever hostname you want to use) to your   file.
 * Run  to refresh your DNS.
 * Run the following docker command:
 * This will pull the latest gitlab-ce docker image and run it. It might take a little while to download the relevant images, especially since   is almost a Gb by itself.  The above runs Gitlab on port 80 as opposed to also running https on port 443 and ssh on port 22, which likely won't be needed for the Security Team's local development needs.
 * Edit  and set   to whatever you set the development hostname to within your   file.
 * Run  to get a   prompt within the running container.
 * Run  within the aforementioned   prompt.  This might take several minutes.
 * You should be able to see your Gitlab installation within a browser at http://gitlab.test.wmf/
 * Run  to stop the container.
 * Run  to start the container again.  The container likely should not need to be "run" again, if you already ran the   command above at least once.  You may need to run   again within the container as per above, if you receive an error page when attempting to load Gitlab within your browser, but this command should run much faster this time around.
 * Run  to stop and remove the container.  Starting the container again will require the container to be created via the   command above and to run through all of the time-intensive setup steps once more, such as the  .  It's only recommended to remove the container if you need to start over completely from scratch.

Post-installation setup and troubleshooting

 * There are some additional, post-installation steps for the Wikimedia Gitlab setup which are documented here for now. These likely are not relevant to the Security Team's work with Gitlab, though are still good to review and understand.
 * Once you load your local instance of Gitlab in your web browser, you should be prompted to enter a new  user password.  The   user is the default administrative account for Gitlab.
 * To import a new project, to use as test data, navigate to .  From there, you can click the "Repo by URL" button.  The form fields here should be fairly straight-forward, and for the url, make sure you select the clone url from gerrit and add a   at the end, e.g.  .  Most repositories should import fairly quickly, except for something like mediawiki/core.  You can use the default gitlab instance name as part of the url slug and you should make these test repositories public, since that will likely be the default in Wikimedia's Gitlab instance.

Gitlab doc

 * WG doc
 * Wikimedia Gitlab workflows
 * Gitlab CE docker hub page
 * Gitlab docker setup documentation
 * Python Gitlab package