xy/gitea
Archived
2
9
Fork 3
Code Issues 7 Pull Requests Projects Releases Wiki Activity

Federated collaborators and organizations #11

New Issue
Open
opened 2022-07-22 16:32:11 +00:00 by xy · 1 comment
xy commented 2022-07-22 16:32:11 +00:00
Owner
Copy Link

Both of these are a huge headache, which is why I've intentionally omitted them in my current PR to upstream Gitea.

The goal of federated collaborators is to add a remote user as a collaborator to a repository. This is mainly difficult because the collaborator will only be able to modify the repository on their remote instance (unless we do some SSO wizardry), so changes must be synchronized between the copies on the two instances.

Why do we need federated collaborators?

One "solution" to this problem would be to simply not implement federated collaborators. Then the collaborators for a repo can only be users on the same instance as the repo. This is very inconvenient because if you are a maintainer of two projects on different instances, you will have to create two accounts to be a collaborator on both projects, which is contrary to the federation goal of using one account across all instances. For a concrete example of this, I would like to eventually collaborate on the ForgeFed Codeberg repo using my account on git.exozy.me instead of my Codeberg account.

Challenges

The only way to sanely implement federated collaborators is to designate one copy as the main copy and single source of truth and all other copies as secondary copies. Naturally, the instance that "owns" the repo should be the main copy. For instance, the repo alice@alice.com/hello-world could be replicated on many instances, but the copy on alice.com is the main copy. If Bobert on bobert.com wants to create a new issue on Alice's repo, the issue (as ForgeFed Ticket) would first be sent to alice.com, and then alice.com sends out the Ticket to all the copies.

For synchronizing code, there are several methods we could use here, since we really don't want sync conflicts and changes to be overwritten.

  1. When pushing to a copy, the copy is not modified and the push is redirected to the main copy using Git. The main copy force pushes to all other copies.
  2. When pushing to a copy, the copy is not modified and the push is redirected to the main copy using ForgeFed. The main copy force pushes to all other copies.
  3. The copies display the main copy's clone URL, so all Git operations only go to the main copy. This requires some work to be able to authenticate a push by a user from another instance. The main copy force pushes to all other copies.

Another idea could be to use the F3 format for doing the one-way synchronization.

Federated organizations

Federated organizations are similar to federated users, except with more headaches. Like with federated collaborators, there should be one main copy which is the single source of truth. For instance, if Alice creates the organization hello-world-org on alice.com and adds Bobert on bobert.com as a member, both alice.com and bobert.com will have a copy of the org, but alice.com's copy is the main copy.

In Gitea, organizations can have multiple teams with different permissions, so one way to model this with ActivityStreams to represent the entire org as an Organization actor, with Group actors for each team. We can then reuse some of the existing AS properties to represent the members of the Group (for instance with items) and permissions.

If Bobert modifies an organization, the modification activity should first be sent to alice.com, and then alice.com sends out the activity to all copies of the org.

Now if Bobert wants to create a repository owned by hello-world-org, he can only create repositories on bobert.com. bobert.com should send a Create activity to alice.com to create the repository on the main copy of the org, and then send over the contents of the repo using the federated collaborators mechanisms above.

For the grand finale, let's say there's a third user, Charles on charles.com with a repo called example-repo. Bobert (on bobert.com) would like to fork this repository to the hello-world-org organization on alice.com. This sounds like the ultimate headache, but we now have everything we need to deal with nightmarish situations like this. First, Bobert goes to charles.com/Charles/example-repo and clicks fork, where he's redirected to bobert.com. (See #7 for more info about federated forking) Now Bobert chooses hello-world-org@alice.com as the recipient of the fork. This causes a Create activity to be sent to alice.com, where the fork is created, and this is synced back to the copy of hello-world-org on bobert.com. And that's it! Whew!

The lesson here is that we need to design federated features to be composable and as building blocks for more complicated behaviors. And of course, all the ideas above are just a proposal, so there might be a better way to do federated collaborators and organizations. Feedback welcome!

Both of these are a huge headache, which is why I've intentionally omitted them in my [current PR to upstream Gitea](https://github.com/go-gitea/gitea/pull/203910). The goal of federated collaborators is to add a remote user as a collaborator to a repository. This is mainly difficult because the collaborator will only be able to modify the repository on their remote instance (unless we do some SSO wizardry), so changes must be synchronized between the copies on the two instances. ## Why do we need federated collaborators? One "solution" to this problem would be to simply not implement federated collaborators. Then the collaborators for a repo can only be users on the same instance as the repo. This is very inconvenient because if you are a maintainer of two projects on different instances, you will have to create two accounts to be a collaborator on both projects, which is contrary to the federation goal of using one account across all instances. For a concrete example of this, I would like to eventually collaborate on the ForgeFed Codeberg repo using my account on git.exozy.me instead of my Codeberg account. ## Challenges The only way to sanely implement federated collaborators is to designate one copy as the main copy and single source of truth and all other copies as secondary copies. Naturally, the instance that "owns" the repo should be the main copy. For instance, the repo alice@alice.com/hello-world could be replicated on many instances, but the copy on alice.com is the main copy. If Bobert on bobert.com wants to create a new issue on Alice's repo, the issue (as ForgeFed Ticket) would first be sent to alice.com, and then alice.com sends out the Ticket to all the copies. For synchronizing code, there are several methods we could use here, since we really don't want sync conflicts and changes to be overwritten. 1. When pushing to a copy, the copy is not modified and the push is redirected to the main copy using Git. The main copy force pushes to all other copies. 2. When pushing to a copy, the copy is not modified and the push is redirected to the main copy using [ForgeFed](https://forgefed.org/behavior.html#reporting-pushed-commits). The main copy force pushes to all other copies. 3. The copies display the main copy's clone URL, so all Git operations only go to the main copy. This requires some work to be able to authenticate a push by a user from another instance. The main copy force pushes to all other copies. Another idea could be to use the F3 format for doing the one-way synchronization. ## Federated organizations Federated organizations are similar to federated users, except with more headaches. Like with federated collaborators, there should be one main copy which is the single source of truth. For instance, if Alice creates the organization hello-world-org on alice.com and adds Bobert on bobert.com as a member, both alice.com and bobert.com will have a copy of the org, but alice.com's copy is the main copy. In Gitea, organizations can have multiple teams with different permissions, so one way to model this with ActivityStreams to represent the entire org as an Organization actor, with Group actors for each team. We can then reuse some of the existing AS properties to represent the members of the Group (for instance with `items`) and permissions. If Bobert modifies an organization, the modification activity should first be sent to alice.com, and then alice.com sends out the activity to all copies of the org. Now if Bobert wants to create a repository owned by hello-world-org, he can only create repositories on bobert.com. bobert.com should send a Create activity to alice.com to create the repository on the main copy of the org, and then send over the contents of the repo using the federated collaborators mechanisms above. For the grand finale, let's say there's a third user, Charles on charles.com with a repo called example-repo. Bobert (on bobert.com) would like to fork this repository to the hello-world-org organization on alice.com. This sounds like the ultimate headache, but we now have everything we need to deal with nightmarish situations like this. First, Bobert goes to charles.com/Charles/example-repo and clicks fork, where he's redirected to bobert.com. (See #7 for more info about federated forking) Now Bobert chooses hello-world-org@alice.com as the recipient of the fork. This causes a Create activity to be sent to alice.com, where the fork is created, and this is synced back to the copy of hello-world-org on bobert.com. And that's it! Whew! The lesson here is that we need to design federated features to be composable and as building blocks for more complicated behaviors. And of course, all the ideas above are just a proposal, so there might be a better way to do federated collaborators and organizations. Feedback welcome!
xy commented 2022-08-15 18:23:00 +00:00
Author
Owner
Copy Link

This also depends on https://codeberg.org/ForgeFed/ForgeFed/pulls/156 to notify an instance that a user on that instance was added as a collaborator to a remote repository.

This also depends on https://codeberg.org/ForgeFed/ForgeFed/pulls/156 to notify an instance that a user on that instance was added as a collaborator to a remote repository.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
main
feature-activitypub
feature-go-ap-inbox-outbox
old
feature-manual-inbox-outbox
feature-manual-inbox-outbox-old
feature-inbox-outbox
base-activitypub
feature-go-fed
release/v1.16
release/v1.15
feature-activitypub-old
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: xy/gitea#11
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?