Why I'm leaving GitHub for Forgejo

While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.

So, no thanks. I'll not be committing any personal code there anymore.

And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.

I'm fine like this.

Also, remember, "Open Source is not about You".

Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.

Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.

Something nobody's really calling out: Forgejo is genuinely hackable. I just added a "showcase" mode to my instance: private repos can show their README and root file listing publicly (so I can advertise that a project exists and what it does), but viewing actual code, cloning, issues, PRs are all locked behind group membership.

About an hour of work, small and frankly trivial diff: https://peoplesgrocers.com/code/forks/forgejo/pulls/1

I didn't have to fight the architecture at all, the seams were right where I needed them. Added migration adding a boolean column to the repo config table, a few tweaks in permission middleware, and voila, it just worked. Really excellent decoupling in the Forgejo codebase [1]

You can't do anything like this with GitHub. That's the actual freedom! Separate from the where-do-I-host-my-git question. There is a big difference between software that "sure technically I can change it since I have access to the source" vs software that's been constructed specifically to be customized and changed.

[1] Permission checks live in obvious places, the template system let me modify UI without touching unrelated code. Someone (many someones) clearly cared a lot about keeping this codebase modifiable by outsiders, and it shows. That's hard to do and should be more celebrated.

This was the original model of launchpad.net, it was supposed to be a hub of Foss that pulled in from the decentralised VCS's, and provide them all via bzr.

But bzr lost the battle, Canonical was slow to adopt Git, lack of investment in the platform, so it was another lunch that got taken from them.

I do not mean for this to come across as a nit, but think it's worth stating explicitly:

> Everyone seems to be leaving GitHub

A small minority is leaving Github; this group is more likely to write articles about the choice than those who still use Github.

I agree with this. Moving the git repo is easy, moving the whole project surface is the hard part.

Issues, releases, CI, docs, security advisories, search and discoverability all tend to get coupled to GitHub over time.

For open-source projects, I like the idea of self-hosted as the source of truth, but still keeping a read-only GitHub mirror so people can actually find it.

GitHub centralizes 2 things: Authentication, as well as Repository Hosting.

Does the code really need to be hosted in a central location like this? (Clearly not, which is why people are leaving GitHub in the first place)

But the one part GitHub provides that's genuinely valuable is the social aspect, and when you get a PR from a user named torvalds you can trust that this is in fact Linus. This isn't the case with more distributed systems.

That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.

I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.

"Git is decentralized"

Because is a kind of filesystem.

How a TEAM operate IS NOT.

And that is the point of Github.

There is no escape to the coordination problem!

(And if you say mails, patches, and other asynchronous ways: same thing, more complex)

I think you're forgetting issue tracking and CI.

> Everyone seems to be leaving GitHub, and forgetting the entire spirit of what git is in my eyes.

And here lies your misconception: services such as GitHub are really not about git. That's a red herring. It's not about tooling either. People use services such as GitHub because of things like issue management, access control, release management, project pages, and CICD integration. You click on a button and you create a repository that's automatically added to your organization, with all access controls sorted out. You click on a button and you grant read access to someone. You click on a button and you onboard a whole team.

Underneath it all, it's completely irrelevant if you are even using Git. Some people even use github's CLI interface instead. Does it matter if it's git or not? Do you even care?

I have personal projects hosted and mirrored across GitHub, Gitlab, and BitBucket. That works, but only as far as backups are concerned. Even in projects that onboarded onto a third party CICD system, git is really not the reason for picking one service over another.

Frustration from the outages, anti-AI sentiment, and the anti-hosted-software sentiment are converging.

On the positive side, HN has gone through multiple periods of enthusiasm for new code forges. There was even excitement for GitHub at one point. :) It’s good because all the forges generally add each other’s features if one takes off.

I also have a self hosted Foregejo on a Pi (but probably not much longer) that acts as a mirror of my GitHub. The main issues I keep facing are:

- Repositories seem to mirror fine for a few weeks and stop. Pretty useless. I have a PAT token for it that does not expire, and yet it seems to claim otherwise, despite the token working elsewhere when I test it.

- Sometimes there is nothing in the logs, sometimes it's the database being locked for some reason. The only thing that uses the database is Forgejo.

- So far I haven't been able to tell if this is Forgejo, crappy SD IO on the Pi causing database locks, or Forgejo sucking at being a mirror.

> It's a shame that all these companies that benefited from open source have poisoned the industry like this

Open Source and the OSI are an industry plant. Look at who sponsors it.

The monopoly hyperscaler conglomerates get free labor and use it to build the world we despise: tracking panopticons, phones we can't install things on, device attestation, browser monoculture with no adblock, etc. etc.

Google made people fall in love with BSD/MIT, and look what it did.

Just a few of the classic plays:

"That Belongs to Us Now" - (1) vendors build stuff like Elasticsearch and Redis, (2) the hyperscalers yoink it into their proprietary offerings and take all the profits, (3) original authors and their companies starve.

"Embrace, Extend, Extinguish" - (1) vendors take an open source project like KTHML or Linux and build their version, (2) they flood the market with their offering, pushing out the competitors, (3) they use anti-competitive means to get their thing in front of all eyeballs, (4) once they have marketshare, they do evil things like add tracking and remove freedoms

Open Source needs to replaced with "freedom for the people, companies must pay". Source available shareware with anti-hyperscaler teeth.

Even Richard Stallman's licenses are not strong enough. CC BY-NC-SA is better.

"Pure" Open Source is corporate welfare. It was a mistake. It enabled giants to hang us with our own rope.

Why would someone gladly provide their work as open source but draw the line at AI reading it and using that knowledge to help more programmers later? It makes no sense to me. I actively want all of my code to be read by AI.

Thank you for this, GitSocial is a very cool piece of software!

TIL. Thanks!

github is a social network. git hosting is just a minor feature. thats why none of these alternatives ever take off .

I love fossil. Something about it's opinionated workflow that matches what I think. But

network effects. I just can not bring my team to use fossil. They have to share code with others. Other departments. And everyone (99%+) uses git. It just feels like a disservice to force them to use fossil. It is a catch-22.

It is similar to so many other things in the tech space. Trying to get fellow developers to use functional style idioms. Trying to enforce immutability. It is like something big (like a facebook or google project) has to force the community to get on board.

I considered Fossil several years ago and while it's really cool (everything being integrated is awesome), I don't like Fossil from a philosophical perspective. There's no way to clean up history, it preserves everything as is. If that's what you want, great, but as part of my git workflow I like to mess around and then go back and clean up and organize my commits before pushing them.

I feel like LLMs will help solve this problem they've created, TBH -- any human expert can tell in seconds when a repo has this problem, so it should be doable by a system that's tweaked over. The tricky part is writing a legal agreement that lets them apply vibe quotas!

This is what Anthropic is already doing with CC, and tbh GitHub and GitLab are probably doing the same. The cost is some hate from devs on Twitter and random small subreddits ofc, but I bet that's well worth it!

OTOH, it does kinda blow my mind how often I see people (on /r/vibecoding and elsewhere) paying for a $200/mo subscription to produce what amount to hobby projects and toy sites. I've been known to make some silly money decisions when I can afford it, but this feels different.

I guess it's a $2400 annual subscription to a service providing Meaning and Purpose? If you're around 40 and realizing that you'll never be rich or famous, this might actually affordable compared to the alternatives!

Decentralized means no single center. Of course people want it because the single centralized management is insufficient for some reason or another.

There is no difference between what you say people cry for and what you say they actually want.

If only you bothered to read the first line of the article, directly under the title:

>I moved my code from GitHub to a self-hosted Forgejo

I think decentralization is the wrong answer for what people really need: portability.

I think some people are mentally ill, and think decentralization is a libertarian ideal where they can have all benefits of society, but they don't have to pay for the roads, the fire department, etc. That some how, those things will spontaneously appear because of <free market babble>.

Others recognize there's some kind of more comfortable middle ground where decentralization means the same as a town/city/state type of social good that is independent and capable of working without larger centralized structures. Having to work towards it, pay money into it, etc, are expected but because the work that goes into maintaining the infrastructure has a clear line of derivation (taxes clearly go to X, Y, Z) would be a benefit.

It's typically the first class tho that dominates all conversations regarding decentralization, and that class includes the Epstein billionaires who just dont want laws to apply anywhere they want to do unethical, immoral and whatever. eg, money is the only law.

Yes -- it's definitely alpha software, but usable for open source. There are interesting experiments like tack[1] to wire in custom CI. I imagine they'll be able to support private repos eventually once ATProto supports private data, but that may take some time.

[1]: https://tangled.org/mitchellh.com/tack

I would love to use it, mostly for the jj compatibility and the nice CI implementation, but I need private repos so sadly this is not yet for me.

It's too decentralized for my taste IMO.

I like using radicle.xyz instead.

This is literaly just a bare repo over ssh, and a gitweb interface.

It's too trivial for anyone to be selling that. And I don't think there's a large market for $5-$10 barebones setup when GH is free and you can self host.

SourceHut sounds very close to what you describe: https://sr.ht/

I think Gitlab is probably the best option, or gitea. Personally I'm not a fan of Codeberg - I think their licensing is a mess.

SourceHut is good, and despite you not wanting to self host, self hosting a git repo is one of the easiest things to self host

Just hosting the code is hard now, right? The hosting company is signing up for a battle against infinite-appetite scraping organizations.

Unfortunately all the current managed offerings aren't very good. I'm still wondering why nobody starts a new startup

There are multiple alternatives to Github for example Gitlab, Codeberg or sourcehut

Yup, I’ve done this. I use a fly.io proxy that runs nginx, fail2ban, and that forwards to my tailnet where Caddy resolves to the actual instance. It’s critical that you disable local registration - I have authentik (only available on the tailnet) as an IdP but you can also just disable reg after making your own account of course. I also have a robots.txt that disables some stuff like all the individual rendered git commit views otherwise scrapers get stuck in an endless loop and also I strictly forbid access to the forgejo package repository since I have some private packages and the permission granularity there is not what I want it to be, still dialing that in. I’m keeping an eye on it and so far nothing terrible has happened. docs.eblu.me if you would like details… I could also link straight to the infra code if you like.

> I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?

I've done this too in the past, I'm still running the internal/lan Forgejo instance, but not any public instance at the moment. But in the past, I've setup a public read-only instance, which mirrors my internal one, then one reverse-proxy connection from the internal to the public instance, which the public one uses for getting the git data. Then it mostly just kept on working by itself, whenever I changed anything in the internal Forgejo, the public one got updated, yet I could keep all issues, CI and more completely private and on lan.

When I adopted Foregjo I did so because I didn't like the sound of some political arguments across threads about some alleged security issues Foregjo raised with Gitea who allegedly ignored them.

What keeps you using Gitea? I'm wondering if I should try it over Foregejo now.

> I'd be more curious as to why people are staying on GitHub

Vanity metrics.

GitHub initially tried to shy away from this, I remember conversations with early GitHub engineers trying to make sure "Stars" and "Followers" numbers were going into the direction of being just for vanity and popularity.

Then eventually the profile READMEs appeared, which people now use for showing even more vanity metrics and brag about how much code they can produce in how little days.

Since employers also ask you for a GitHub profile, it ends up being needed for new developers to make an entry into the industry, without it companies will basically ignore you. Unless you're really, really good, which to be honest, most of us aren't.

Microsoft did that for a lot longer than I expected honestly. Historically they would take a year or so before giving up on the "you're an independent company" bit and merge the team into MS orgs.

GitHub pulled it off for 5ish years before that began to change, and it was only last year when they stopped having their own "CEO".

How much utilization do you have? For low scale, it's hard to beat GitHub Actions as they offer free runners for public repos and include a bunch of free hours for private repos.

Once you start paying for it, GitHub Actions runners are very expensive. I've used both Jenkins and GitLab before to self-host CI/CD, and you save so much using on-demand (or at higher scale, reserved) cloud instances. I do freelance DevOps work and I've helped clients with these sorts of challenges.

Can you push from Forgejo to GitHub for actions until you can find a replacement?

CircleCI?

Use gitea which has github actions compatibility.

I think a lot of people within the US don't realize how badly US is seen from the outside, especially from "allies".

Illegal tariffs, threatening tariffs, NATO sabotage, threatening invasion, abandoning Ukraine, supporting Russia. It's not just one guy doing this, he has a whole party behind him that could reel him in any second.

it's about GitHub's issues in general, including outages. every section gets somewhat equal amount of attention

Wasn't gitea a fork of forgejo?

They said that the First World War was impossible due to increasing trade dependencies between the European powers, and look how that turned out. ‘This is a terrible idea,’ is sadly not the deterrent to starting a war that it ought to be.

They make it rather easy by providing an audio pronunciation: https://forgejo.org/static/forgejo.mp4

With my American accent, I don't quite say it exactly like the recording, but pretty close: "for-JAY-oh"

Apparently it's pronounced (phonetically) as for-JAY-oh, an audio sample is here: https://forgejo.org/faq/

You piqued my curiosity :)

edit: Ah, I was beaten to the punch :(

Super interesting, mind sharing your exclusions and hooks?

If you have a VPS that's always running, you can just use it as a git remote through SSH without moving things around or any third party software, just put the Git repo on the VPS and clone it via "git clone ssh://user@host/path". You get authentication, encryption and synchronization out of the box with just ssh/git.

CI/CD, package registry, issue tracking in one place?

Last I looked, Forgejo had more activity and more contributors than Gitea. Also, Forgejo eats its own dogfood: Codeberg runs on it, and hosts it, while Gitea runs on GitHub.

It’s easy to make the case that Forgejo is good enough for public hosting. Gitea probably is, too, but there’s less direct evidence.

We just released support for Forgejo with RWX CI/CD: https://www.rwx.com/docs/getting-started/forgejo

From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.

I keep CI/CD super super simple, but was able to set it up for my Python repos in 15 minutes, with compatibility with GitHub actions (using the same yaml file at the same path)

It’s act runner. So you can continue using GitHub actions with minor changes

I got my own Forgejo, but I'm still on Github. That's the easiest way to check what the people I follow push, comment or star. I like this part of Github a lot.