Let say a fedeproxy installation is made of two servers:
- A Mastodon server in which user accounts represent a software project
- The URL of the user is for instance https://github.com/ceph/ceph
- The user logs in Mastodon using OAuth2 on github.com and if Mastodon see the user is an admin of https://github.com/ceph/ceph it allows the user to control this account otherwise it does not
- The Mastodon user account for https://github.com/ceph/ceph can be set to follow https://mygitlab.com/myuser/ceph
- A fedeproxy server that is a client of the Mastodon server:
- Listening when it receives a “commit push” activity notification from a Mastodon user, for instance https://github.com/ceph/ceph
- It gets the list of software projects it follows
- For each of them it fetches the latest state of the repository which contains not only code but also the representation of tickets, merge requests etc.
- Pushes the newer commits on https://github.com/ceph/ceph
- Interprets the data and uses the forge API to keep it up to date (i.e. reads the file describing an issue and uses the API to update the issue with new comments)
- Periodically fetches the state of https://github.com/ceph/ceph and publishes a “commit push” activity if there is something new
- Listening when it receives a “commit push” activity notification from a Mastodon user, for instance https://github.com/ceph/ceph
In other words, there is no need for fedeproxy to know more about ActivityPub than what a well behaved client would. It should not be an ActivityPub server. It cannot, however, rely on a vanilla Mastodon server because it needs the OAuth2 token obtained from GitHub / GitLab to act on behalf of the user. And Mastodon must also be able to only allow users that are admins of a given software project to control the account. The list of projects that are followed is assumed to be consistent because the admins update it.
I should look into Mastodon to see how / if it can be extended with plugins, what is the state of the OAuth2 implementation, if there are plugins or extensions.