
Best practices for a public Github with private work

(Not exactly a LabVIEW question, but SCC, so hopefully this is a decent spot...)

 

My company currently uses a self-hosted SVN server for our SCC system. We use it for both LabVIEW code as well as C. It's been working great for us, but we have some new needs, and will be switching to a paid Github account soon.

 

We have a few things that we've made over the years that we'd like to open source (a Datagrid library, for instance). So, we're planning on having a public repository for this work. Some tools like the Github issue tracker would be a great addition to our team, so we'd like to utilize that as well.

 

However, we need to keep this development work private until we're ready to release it due to privacy concerns. For example, the Datagrid library itself is public, but it's used in a number of internal projects that cannot be public. How might we go about having a semi-public-but-not-entirely piece of software on Github?

 

Example workflow: Customer A needs us to make individual cells highlighted in green. It would be very nice to add a new issue to the issue tracker "Make cells highlightable due to Customer A's request on the XYZ project". However, we can't share the customer name publicly, and we can't discuss the XYZ project publicly. We'd like to be able to do all of our development work in a fully private repo- that way, we can add the issue to the tracker, discuss the reasoning behind it, add comments (e.g., "Tested and works for the XYZ project, issue closed"). Then, once it's working, we apply the new feature to the public code, with a simple commit entry "Now the cells can turn green!"

 

How might we go about setting that up?

0 Kudos
Message 1 of 9
(529 Views)

I hate GIT so things like this are right in my blind spot.  I am, however, interested in the results of this discussion since I am being forced to do pretty much the same thing.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 2 of 9
(495 Views)

No experience with this, but gitlab supports public forks of private repositories.

Actor Framework
Message 3 of 9
(487 Views)

@Quiztus2 wrote:

No experience with this, but gitlab supports public forks of private repositories.


This would be ideal, but gitlab doesn't have some of the compliance stuff we have to have 😞

0 Kudos
Message 4 of 9
(480 Views)

I'll outline 2 approaches: git-only (manual sync, 2 projects) and github (project permissions, 1 project)

 

  • Git-only: Use 2 GitHub projects, and keep confidential information in the private one only. Pushing to different repositories (remotes) is quite simple. Once code is merged in on the private project, someone could pull down the updated branch from the private project and then push that update to the public one. Here's a command line explainer; I prefer using TortoiseGit so I don't have to remember a bunch of infrequently used commands.
    • manage remotes for this repository on disk:
      avogadro5_1-1723149910876.png
    • Now when I push I get the option to choose which remote gets pushed to:
      avogadro5_3-1723152518669.png
  • GitHub: I use GitLab not GitHub so your mileage may vary on this. It's probably possible to configure the project so anyone can see the repository, but only users you specify can see the other attached info like pull requests and issues. In GitLab there's a settings page on each project that includes visibility for each part of the project page.
Message 5 of 9
(473 Views)
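The two-remote approach in the post above, as an added example that is not part of the original thread: a plain push of the private branch would also publish its commit messages, so this sketch squashes the private work into one commit on top of the public branch and refuses to push if the message or the added lines contain a denylisted term. The remote names `private` and `public`, the branch names, the scratch branch `publish-tmp` and the denylist file are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumes a clone with two remotes already configured:
#   git remote add private <private-repo-url>
#   git remote add public  <public-repo-url>
#
# publish_squashed <private-branch> <public-branch> <public-message> <denylist-file>
# The denylist file holds one literal term per line (customer names, project
# codes), with no blank lines. Returns 2 and pushes nothing if a term is found.
publish_squashed() {
  src=$1 dst=$2 msg=$3 deny=$4

  # Start a scratch branch from the current tip of the public branch.
  git fetch -q public || return 1
  git checkout -q -B publish-tmp "public/$dst" || return 1

  # --squash stages the combined change only; the private commits and their
  # messages never become ancestors of what is pushed.
  git merge -q --squash "$src" >/dev/null || return 1

  # Scan the outgoing commit message and every added line (including the
  # "+++ b/<path>" file-name headers) for denylisted terms.
  if printf '%s\n' "$msg" | grep -qiFf "$deny" ||
     git diff --cached -U0 | grep '^+' | grep -qiFf "$deny"; then
    git reset -q --hard        # drop the staged squash
    git checkout -q "$src"
    return 2
  fi

  # One sanitized commit goes to the public remote.
  git commit -q -m "$msg" && git push -q public "publish-tmp:$dst"
  rc=$?
  git checkout -q "$src"
  return $rc
}
```

The scan only sees text: binary files such as LabVIEW VIs appear in the diff as "Binary files differ", so their contents still need a manual review before publishing.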

Did you consider hosting your own gitlab server? This is not uncommon.

Actor Framework
0 Kudos
Message 6 of 9
(452 Views)

I wish it was an option, but we don't have the IT infrastructure to support such a thing. (We currently host our own SVN server, but we're moving things to professionally hosted solutions to help with the mountain of compliance requirements we have, which is a bit outside the scope of this post, but trust me it's a lot!)

0 Kudos
Message 7 of 9
(411 Views)

@BertMcMahan wrote:

@Quiztus2 wrote:

No experience with this, but gitlab supports public forks of private repositories.


This would be ideal, but gitlab doesn't have some of the compliance stuff we have to have 😞


We are pretty much doing this without any problems:

  • Pay a professional webhoster to host a GitLab instance just for our company
  • Have public open source repositories there, which are also used in customer projects
  • Have private customer repositories there

Of course, you cannot discuss why Person A of customer B for project C needs the feature XY in a ticket of an open source repository. But why would you do that? Just describe that you want a feature that can highlight cells in colours. In the private customer issue where this feature request popped up, you just link to the ticket of the open source repo.

Maybe I didn't get the problem right. Your compliance prohibits exactly what?


Proud developer at Hampel Software Engineering where we turn '404 not found' into '200 OK'. Join us on Discord
Message 8 of 9
(346 Views)

Paying another webhoster would definitely solve our compliance issues. I didn't know Gitlab could be self-hosted, so thanks for that info. I can see if our cloud IT company can provide that, but we don't have the resources to fully run something self hosted on, for example, AWS. We'd need a company that can comply with our various legal requirements. There's probably SOMETHING out there, it'll just be whether or not it's worth the cost.

 

Customer to customer visibility is definitely one consideration, but the compliance stuff is the big one. The main thing there is ensuring absolutely no public visibility as well as some strict rules regarding hosting and who can get to the content, even in an IT setting. I think the term is "Fedramp"- currently, Github offers a Fedramp compliant hosting service, but Gitlab doesn't. Self-hosting would require us to get a Fedramp compliant host plus maintain everything, and we've been trying to offload IT stuff, so I don't think it'll fly. But I can certainly pitch it!

Message 9 of 9
(293 Views)