Comment by miohtama
8 days ago
Everyone is free to use alternative CI/CD workflow pipelines. These are often better than Github Actions.
These include
- https://news.ycombinator.com/item?id=44658820 )
- Jenkins
-etc.
Anyone can complain as much as they want, but unless they put the money where their mouth is, it's just noise from lazy people.
I’d appreciate not being called lazy for mentioning a lack of investment on Microsoft’s side to secure their paid and fairly lucrative service that they bought a popular code hosting platform to integrate with.
Can someone explain what this somewhat recent phenomenon is where people feel the need to defend the worlds biggest billion dollar businesses, that are also often subsidized by tax payer money in weird ways?
How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
> How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
Honestly I think the problem is more a rosy view of the past versus any actual change in behavior. There have always been defenders of such companies.
> How did we go in 20 years from holding these companies to account when they'd misbehave to acting as if they are poor damsels in distress whenever someone points out a flaw?
They hired a ton of people on very very good salaries
I think big tech being so big now that these "issue" is too small for their priority is saying something
You better thank god for MS for being lazy and incompetent, the last thing we want for big tech is being innovative and have a stronger monopoly
The original comment said to stop giving money to these companies if they are not giving you a satisfactory service.
The opposite, to be lazy and to continue giving them money whilst being unhappy with what you get in return, would actually be more like defending the companies.
2 replies →
I won't "defend" Microsoft in this case, but I am always annoyed by phrases like "world's biggest billion-dollar businesses... bablah".
Their size or past misbehaviors shouldn't be relevant to this discussion. Bringing those up feels a bit like an ad hominem. Whether criticism is valid should depend entirely on how GitHub Actions actually works and how it compares to similar services.
5 replies →
There is a massive problem in open source where some people equate pointing out a problem with being too lazy to solve it — when in reality this just stifles the conversation. Especially when a prerequisite to any group project accomplishing anything is to first discuss the problem to be solved.
No that's actually a completely different issue. You're talking about volunteers working on side projects that are sometimes foundational to the way the internet works and then people feel entitled to tell them what to do without contributing.
Here we are talking about one of the worlds most valuable companies that gets all sorts of perks, benefits and preferential treatment from various entities and governments on the globe and somehow we have to be grateful when they deliver garbage while milking the business they bought.
5 replies →
Well, actually, no, not everyone is free to use alternatives. Anyone using CI for "Trusted Publishing" of packages to PyPI or npm needs to use GitHub Actions or GitLab CI/CD. CircleCI and Travis CI are not supported. So many big open source projects for the two most popular languages in the world are now locked out of the alternatives you propose.
(I find it extremely sketchy from a competition law perspective that Microsoft, as the owner of npm, has implemented a policy banning npm publishers from publishing via competitors to GitHub Actions - a product that Microsoft also owns. But they have; that is the reality right now, whether it's legal or not.)
I was never convinced that trusted publishing solves any security problem, other than letting pypi eventually solve the problem of banning russian/iranian/whatever people just by relying on github doing it for them.
Trusted Publishing on PyPI supports Google Cloud and ActiveState as well. It’s not tied to GitHub or GitLab. To my recollection I looked at CircleCI support a while back, and ran into limitations on the claims they exposed.
(It can also be extended to arbitrary third party IdPs, although the benefit of that is dependent on usage. But if you have another CI/CD provider that you’d like to integrate into PyPI, you should definitely flag it on the issue tracker.)
> unless they put the money where their mouth is, it's just noise
I used to work for a Japanese company, and one of their core philosophies was “Don’t complain, unless you have a solution.” In my experience, this did not always have optimal outcomes: https://littlegreenviper.com/problems-and-solutions/
My favorite retort to that is, "I don't have to know how to fix it to know my arm is broken."
Stealing it...
I don’t make the purchasing decision for my employer, but I certainly have to deal with their fallout, so I’ll keep complaining if that’s okay with you.
If you are not part of the solution, then you are part of the problem.
If you’re so lucky that your employer lets you use any $TOOL you want, great, but I _have_ to use GitHub actions.
So I’m part of the problem? Me specifically?
What is it that you actually want me to do here?
Just refuse to do my job because I think the tools suck?
I've used CircleCI quite a bit in the past; it was pretty good. Feels tough for them to compete with GHA though when you're getting GHA credits for free with your code hosting.
I used Travis rather longer ago, it was not great. Circle was a massive step forward. I don't know if they have improved it since but it only felt useful for very simplistic workflows, as soon as you needed anything complex (including any software that didn't come out of the box) you were in a really awkward place.
CircleCI made great steps the last few years, f.e. to better support proper DRY working, supporting OPA policies-as-code, VSCode extensions with "dry-run" options.
For some examples of more advanced usecases take a look: https://circleci.com/blog/platform-toolkit/
Disclaimer: i work for CircleCI.
To be clear, I do think CircleCI is a better product than GHA. I just think there's a lot of air sucked out of the room by GHA being available 'for free' and out of the box.
Also, honestly, I don't care about any of those features. The main thing I want is a CI system that is fast and customisable and that I don't have to spend a lot of time debugging. I think CircleCI is pretty decent in that regard (the "rerun with SSH" thing is way better than anything else I've seen) but it doesn't seem to be getting any better over time (e.g. caching is still very primitive and coarse-grained).
I had a considerably better time with CircleCI in the past than with Github Actions currently. It feels much more like a complete product rather than a tacked on mess, I hate how disproportionately we count running cost just because we have numbers for it (vs. DX and velocity which are hard to measure and impossible to predict)
I mean, they do have a free plan with 6,000 minutes
> Anyone can complain as much as they want, but unless they put the money where their mouth is, it's just noise from lazy people.
Once I'm encharged of budge decisions of my company I'll make sure that none will go to any MS and Atlassian product. Until then I'll keep complaining.
It should be highlighted that Gitlab CI/CD (self-hostable runner and GitLab itself) is also OSS.
I'm a huge fan of: https://onedev.io/ it might not the best, but it's fast it and does it's job!
Or roll your own
I tried to use CircleCI and I gotta say, it is absolutely not better than GitHub Actions…
I have also used Travis. Ditto.
Github Actions is actually one of the better CI options out there, even if on an absolute scale it is still pretty bad.
As far as I can tell nobody has made a CI system that is actually good.
buildkite is leaps and bounds above the others. especially if you need to really tailor your workloads to the change diff (say in a monorepo), the dynamic pipeline support is superb.
really surprised there are no others though. dagger.io was in the space but the level of complexity is an order of magnitude higher
GitLab CI is pretty close to being actually good. Certainly less brittle than GitHub Actions from the looks of it...
1 reply →
JetBrains TeamCity is pretty good IMHO
I quite liked Bitrise for mobile apps when I used that.
CircleCI is 100% trash.
Don't waste your time
It sounds like you've never worked in a large org before.
according to travis-ci, Microsoft uses that? Lol
You're falling for a marketing trick.
What that type of section usually means is "there's someone from Microsoft that signed up for our service using his work account", sometimes it means "there's some tiny team within Microsoft that uses our product", but it very rarely (if ever) means "the entire company is completely reliant on our product".
Yes and no. Generally logo usage requires permission. While the usage isn’t the whole company, it’s enough to justify some sort of logo usage.