| *** dmsimard has quit IRC | 01:30 | |
| *** dmsimard has joined #zuul | 01:54 | |
| *** swest has quit IRC | 02:29 | |
| *** swest has joined #zuul | 02:44 | |
| *** bhavikdbavishi has joined #zuul | 05:40 | |
| *** bhavikdbavishi has quit IRC | 06:33 | |
| *** pcaruana has joined #zuul | 06:45 | |
| *** lennyb has joined #zuul | 06:57 | |
| *** goern has quit IRC | 07:34 | |
| *** bhavikdbavishi has joined #zuul | 09:39 | |
| *** bhavikdbavishi has quit IRC | 10:49 | |
| *** chandankumar has joined #zuul | 17:04 | |
| *** chandankumar has quit IRC | 17:08 | |
| *** dkehn has quit IRC | 17:13 | |
| *** ssbarnea_ has joined #zuul | 17:21 | |
| *** ssbarnea_ has quit IRC | 17:21 | |
| *** goern has joined #zuul | 18:17 | |
| goern | hey all, I am experimenting with secrets and running jobs in pods. It looks like I cant understand why https://github.com/thoth-station/user-api/blob/fabf3d408e935c04b45f200e7938ecd3df1d26da/devops_redeploy.yaml#L3 is telling me that `service_account` is an undefined var, I think I defined it at https://github.com/thoth-station/user-api/blob/fabf3d408e935c04b45f200e7938ecd3df1d26da/.zuul.yaml#L44 It feels like the secret is not available to the | 19:23 |
|---|---|---|
| goern | playbook running in the pod?! | 19:23 |
| *** rlandy has joined #zuul | 20:30 | |
| *** dkehn has joined #zuul | 20:49 | |
| *** pcaruana has quit IRC | 21:20 | |
| ianw | goern: hrm, i'm not fully across what you've got going on, but it looks to me you're trying to use the secret in the "check" queue? | 22:55 |
| ianw | basically secrets only work in post-review queues; see https://zuul-ci.org/docs/zuul/user/config.html?highlight=secret#secret | 22:55 |
| ianw | this is to prevent anyone who can propose a change essentially doing an "echo secret" in their proposed change, which is obviously bad :) | 22:56 |
| mordred | ianw, goern yes - however, there is another thing amiss here ... | 23:28 |
| mordred | which is that the job in question, (thoth-redeploy) doesn't actually request that secret. so the secret is being defined, but the job isn't using it | 23:28 |
| mordred | goern: in the thoth-redeploy job, add "secrets: - service_account" | 23:30 |
| *** rlandy has quit IRC | 23:32 | |
| goern | ianw, ack, will move the job, its in check pipeline just for the sake of testing, post is correct... | 23:40 |
| goern | mordred, the job requesting the secret is new to me, I understood it as "a secret will be a var and can be accessed by jobs" | 23:41 |
| goern | mordred, this is it... https://zuul-ci.org/docs/zuul/user/config.html?highlight=secret#attr-job.secrets | 23:46 |
| goern | ianw, what is the best way to develop such jobs? having it in a post review pipeline and let it merge doesnt seem feasible?! | 23:51 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!