| -@gerrit:opendev.org- Kiril Valchev proposed: [zuul/nodepool] 933030: Add Azure Spot Virtual Machines support https://review.opendev.org/c/zuul/nodepool/+/933030 | 06:18 | |
| -@gerrit:opendev.org- Felix Edel proposed: [zuul/zuul] 933074: Use colorblind-friendly color schema for Zuul UI https://review.opendev.org/c/zuul/zuul/+/933074 | 08:34 | |
| -@gerrit:opendev.org- Felix Edel proposed: [zuul/zuul] 933081: Visualize fragmentation of QueueItem progressbar https://review.opendev.org/c/zuul/zuul/+/933081 | 09:40 | |
| -@gerrit:opendev.org- Felix Edel proposed: [zuul/zuul] 933081: Visualize fragmentation of QueueItem progressbar https://review.opendev.org/c/zuul/zuul/+/933081 | 09:43 | |
| -@gerrit:opendev.org- Benjamin Schanzel proposed: [zuul/zuul] 933085: zuul-web: Simplify tenant list https://review.opendev.org/c/zuul/zuul/+/933085 | 10:33 | |
| -@gerrit:opendev.org- Simon Westphahl proposed: | 10:34 | |
| - [zuul/zuul] 929273: Add support for 'min-ready' provider nodes https://review.opendev.org/c/zuul/zuul/+/929273 | ||
| - [zuul/zuul] 931779: Implement 'max-ready-age' handling https://review.opendev.org/c/zuul/zuul/+/931779 | ||
| - [zuul/zuul] 931780: Implement re-use of ready nodes w/o request https://review.opendev.org/c/zuul/zuul/+/931780 | ||
| - [zuul/zuul] 932170: Store state time for provider nodes https://review.opendev.org/c/zuul/zuul/+/932170 | ||
| - [zuul/zuul] 932179: Only expire nodes when no pending layout update https://review.opendev.org/c/zuul/zuul/+/932179 | ||
| - [zuul/zuul] 933086: Allow waiting for tree cache ltime sync point https://review.opendev.org/c/zuul/zuul/+/933086 | ||
| @gchristensen:matrix.org | Hi, I'm using GitHub Actions, and their OIDC support -- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers -- to authenticate with AWS. Is there a way to do something similar in a Zuul job? | 14:38 |
|---|---|---|
| @gchristensen:matrix.org | * Hi, I'm looking at Zuul, but right now I'm using GitHub Actions and their OIDC support -- https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers -- to authenticate with AWS. Is there a way to do something similar in a Zuul job? | 14:41 |
| @yodakv:matrix.org | Zuul jobs use ansible, so you can do everything that need | 14:48 |
| @clarkb:matrix.org | There is also this recent spec that was approved https://review.opendev.org/c/zuul/zuul/+/922450 that should enable that sort of workload but I don't think it has been implemented yet | 14:48 |
| @gchristensen:matrix.org | This spec is exactly what I'm hoping for! That's great! | 14:53 |
| @jim:acmegating.com | grahamc: in the mean time, so that it's not a blocker, you may be able to use a regular zuul secret to develop your jobs (with a little extra effort and levels of indirection) | 16:07 |
| @jangutter:matrix.org | grahamc: We use a similar trick to "delegate" secrets. The pre playbooks that run in trusted context can have access to use a regular zuul secret. That secret is used to establish trust and copy (delegate) the secrets to the jobs. Note that badly delegating is indistinguishable from leaking, of course. | 16:09 |
| -@gerrit:opendev.org- Joseph Kostreva proposed: [zuul/zuul] 933138: Add zuul regex support to project definitions https://review.opendev.org/c/zuul/zuul/+/933138 | 17:51 | |
| -@gerrit:opendev.org- Zuul merged on behalf of Felix Edel: [zuul/zuul] 933074: Use colorblind-friendly color schema for Zuul UI https://review.opendev.org/c/zuul/zuul/+/933074 | 21:14 | |
| @fungicide:matrix.org | > <@gchristensen:matrix.org> This spec is exactly what I'm hoping for! That's great! | 21:24 |
| to be clear, that was approved roughly a month ago, so https://zuul-ci.org/docs/zuul/latest/developer/specs/zuul-workload-identity-federation.html is a better url for it at this point | ||
| @clarkb:matrix.org | corvus: I asked a question about https://review.opendev.org/c/zuul/zuul/+/929978 yesterday so I didn't approve it. Not sure if you saw that | 21:49 |
| @clarkb:matrix.org | I do think it is mergable maybe with a minor update or we can probably ignore the minor update if I'm simply overlooking something that is more obvious | 21:50 |
| @jim:acmegating.com | Clark: yes, thanks -- i agree it's likely mergeable -- i'm going to double check whether i should add a comment or i think maybe i can switch the play target there. i'll do that first and decide on a course of action. | 21:56 |
| @clarkb:matrix.org | sounds good | 21:56 |
| @clarkb:matrix.org | corvus: have a question on https://review.opendev.org/c/zuul/zuul/+/901345 too | 22:02 |
| -@gerrit:opendev.org- Clark Boylan proposed: [zuul/nodepool] 933162: Bump dib up to 3.36.0 or newer https://review.opendev.org/c/zuul/nodepool/+/933162 | 22:36 | |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 933166: Simplify stream test_command https://review.opendev.org/c/zuul/zuul/+/933166 | 23:30 | |
| @jim:acmegating.com | Clark: ^ i think we should just approve that cleanup as a followup if that looks good. | 23:30 |
| @clarkb:matrix.org | corvus: agreed that makes it much clearer. +2 from me | 23:49 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!