Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.

Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.

I think you're forgetting issue tracking and CI.

While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.

So, no thanks. I'll not be committing any personal code there anymore.

And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.

I'm fine like this.

Also, remember, "Open Source is not about You".

I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.

From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.

It’s act runner. So you can continue using GitHub actions with minor changes

I keep CI/CD super super simple, but was able to set it up for my Python repos in 15 minutes, with compatibility with GitHub actions (using the same yaml file at the same path)

We just released support for Forgejo with RWX CI/CD: https://www.rwx.com/docs/getting-started/forgejo

TIL. Thanks!

Thank you for this, GitSocial is a very cool piece of software!

Yup, I’ve done this. I use a fly.io proxy that runs nginx, fail2ban, and that forwards to my tailnet where Caddy resolves to the actual instance. It’s critical that you disable local registration - I have authentik (only available on the tailnet) as an IdP but you can also just disable reg after making your own account of course. I also have a robots.txt that disables some stuff like all the individual rendered git commit views otherwise scrapers get stuck in an endless loop and also I strictly forbid access to the forgejo package repository since I have some private packages and the permission granularity there is not what I want it to be, still dialing that in. I’m keeping an eye on it and so far nothing terrible has happened. docs.eblu.me if you would like details… I could also link straight to the infra code if you like.

> I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?

I've done this too in the past, I'm still running the internal/lan Forgejo instance, but not any public instance at the moment. But in the past, I've setup a public read-only instance, which mirrors my internal one, then one reverse-proxy connection from the internal to the public instance, which the public one uses for getting the git data. Then it mostly just kept on working by itself, whenever I changed anything in the internal Forgejo, the public one got updated, yet I could keep all issues, CI and more completely private and on lan.

If only you bothered to read the first line of the article, directly under the title:

>I moved my code from GitHub to a self-hosted Forgejo

I think decentralization is the wrong answer for what people really need: portability.

I think some people are mentally ill, and think decentralization is a libertarian ideal where they can have all benefits of society, but they don't have to pay for the roads, the fire department, etc. That some how, those things will spontaneously appear because of <free market babble>.

Others recognize there's some kind of more comfortable middle ground where decentralization means the same as a town/city/state type of social good that is independent and capable of working without larger centralized structures. Having to work towards it, pay money into it, etc, are expected but because the work that goes into maintaining the infrastructure has a clear line of derivation (taxes clearly go to X, Y, Z) would be a benefit.

It's typically the first class tho that dominates all conversations regarding decentralization, and that class includes the Epstein billionaires who just dont want laws to apply anywhere they want to do unethical, immoral and whatever. eg, money is the only law.

CI/CD, package registry, issue tracking in one place?

If you have a VPS that's always running, you can just use it as a git remote through SSH without moving things around or any third party software, just put the Git repo on the VPS and clone it via "git clone ssh://user@host/path". You get authentication, encryption and synchronization out of the box with just ssh/git.

Super interesting, mind sharing your exclusions and hooks?

> It's a shame that all these companies that benefited from open source have poisoned the industry like this

Open Source and the OSI are an industry plant. Look at who sponsors it.

The monopoly hyperscaler conglomerates get free labor and use it to build the world we despise: tracking panopticons, phones we can't install things on, device attestation, browser monoculture with no adblock, etc. etc.

Google made people fall in love with BSD/MIT, and look what it did.

Just a few of the classic plays:

"That Belongs to Us Now" - (1) vendors build stuff like Elasticsearch and Redis, (2) the hyperscalers yoink it into their proprietary offerings and take all the profits, (3) original authors and their companies starve.

"Embrace, Extend, Extinguish" - (1) vendors take an open source project like KTHML and build their version, (2) they flood the market with their offering, pushing out the competitors, (3) they use anti-competitive means to get their thing in front of all eyeballs, (4) once they have marketshare, they do evil things like add tracking and remove freedoms

Open Source needs to replaced with "freedom for the people, companies must pay". Source available shareware with anti-hyperscaler teeth.

Even Richard Stallman's licenses are not strong enough. CC BY-NC-SA is better.

[delayed]

They make it rather easy by providing an audio pronunciation: https://forgejo.org/static/forgejo.mp4

With my American accent, I don't quite say it exactly like the recording, but pretty close: "for-JAY-oh"

[delayed]