How Do Small SaaS Teams Approach CI/CD and Version Control?

Asked By CuriousCoder42 On

Hey folks! I'm a solo developer working on a multi-tenant Laravel/Postgres school management system, and I'm hitting a point where I really need to implement proper CI/CD for both staging and production deployments. I'm torn between two options: either self-hosting GitLab with runners on DigitalOcean or using the cloud offerings from GitHub or GitLab.

My main concerns center around security and compliance, especially long-term SOC2; managing secrets effectively, particularly when deploying to AWS or DigitalOcean; and ensuring good availability in case my runner or repo server goes down.

Here are some specific questions I have:
1. Do you self-host your version control and CI/CD tools? How do you set it up—cloud provider, home lab, etc.?
2. What strategies do you use to securely connect to your AWS or DigitalOcean infrastructure? Do you prefer using OIDC, SSH keys, or something else?
3. For solo devs and small teams, is it a better idea to keep things simple with cloud providers, or is there something to gain from self-hosting?
4. If I do go the self-hosted route with GitLab, can I still ensure it's secure and compliant enough for audits, assuming I have a hardened infrastructure?

Right now, I'm leaning toward setting up GitLab on a home server or a separate DigitalOcean droplet, with everything hardened via Keycloak and Wireguard. I'm planning to have runners on the same network and deploy my apps to DOKS (and potentially to ECS down the line). I'd love to hear your experiences and thoughts on this! Thanks!

5 Answers

Answered By DevNinja93 On

I think self-hosting GitLab might be overkill. Why not just stick with GitHub Actions? It handles everything you need without reinventing the wheel. When you self-host, you're introducing a lot of complexities that you might not need.

Answered By TechSavvy88 On

I've always gone with GitHub's cloud offering. It's pretty straightforward for security and compliance, and managing secrets for CI is also easier. Plus, the availability of cloud services tends to be higher than self-hosted ones. The downside? It can get a bit pricey depending on usage.

Answered By CloudController99 On

We use Azure Repos and Pipelines, but if I had more budget, I would definitely go for cloud hosting. For us, GitHub Actions works well for deployment pipelines, and they meet most compliance needs. Just make sure you have a solid script for deployment; you can even run it locally if you need to.

Answered By CodeWarriorX On

Honestly, major banks use GitHub and its Actions for CI/CD, so I wouldn’t sweat security too much. Your primary concern might just be the costs associated with GitHub, especially if you want to upgrade to an organization-level account. If you're down for self-hosting, just remember that auditors might raise eyebrows if it's not securely managed.

Answered By LaravelBard On

I'm also a Laravel developer! From what I've seen, self-hosting can work, but for small teams, it's often more hassle than it's worth. GitHub Actions or GitLab's SaaS setup with DigitalOcean would probably serve you well. Focus on shipping features rather than managing infrastructure unless you have the extra bandwidth!
