| @mnasiadka:matrix.org | Hello - is there a way to run some jobs in config-project? E.g. I'd like to test the pre/post/post-logs playbooks before they get merged | 06:28 |
|---|---|---|
| @mnasiadka:matrix.org | > <@harbott.osism.tech:regio.chat> `-opendevstatus:#opendev- NOTICE: the gerrit service (https://review.opendev.org) is currently down, please be patient while we work on restoring it` | 06:45 |
| > maybe someone wants to teach status bot about the matrix, too? also the opendev team certainly could use more sysadmins helping out, in particular outside of american timezones | ||
| Happy to help with anything after I come back from vacation (5th Aug), and I guess I qualify for outside of american timezones :) | ||
| -@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: | 07:20 | |
| - [zuul/zuul] 955220: Delete nodeset request lock path https://review.opendev.org/c/zuul/zuul/+/955220 | ||
| - [zuul/zuul] 955221: Drop nodescan worker from node when complete https://review.opendev.org/c/zuul/zuul/+/955221 | ||
| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 954918: Export spans for provider node create/delete phase https://review.opendev.org/c/zuul/zuul/+/954918 | 08:46 | |
| @fungicide:matrix.org | mnasiadka: the way we usually do it in opendev is to have two versions of the job and keep them in sync (ideally put as much of the logic as possible in a parent job in order to simplify that) | 13:12 |
| @mnasiadka:matrix.org | fungi: thanks :) | 13:13 |
| @jangutter:matrix.org | mnasiadka: example is here: | 13:15 |
| https://opendev.org/opendev/base-jobs/src/branch/master/zuul.d/jobs.yaml | ||
| @fungicide:matrix.org | usually if you have a job in a config repo it's for safety reasons, because running the job pre-review could leak sensitive data or access to untrusted users, so the difference between the two jobs would ideally just be the risky parts | 13:15 |
| @fungicide:matrix.org | maybe a more involved example would be opendev's deploy pipeline jobs. we have check/gate versions of most of them that run the same playbooks and mainly differ by whether they get access to sensitive hostvars or test vector replacements for them | 13:17 |
| @fungicide:matrix.org | the other big difference in that case is that the check/gate versions of the jobs run exercises on the fake ephemeral service deployments so we can see if things worked as expected after deploying the proposed changes | 13:18 |
| @fungicide:matrix.org | but all the deploy logic is shared between the two kinds of jobs | 13:19 |
| @jangutter:matrix.org | I think you're still able to run linters on the _workdir_ of the pre-merge review? If a job is triggered from a trusted project it will only execute code from merged code. This includes the case where you're including roles from another untrusted repo. | 13:20 |
| @fungicide:matrix.org | yes, to be clear it's that zuul won't pre-emptively exercise proposed changes to its own configuration in config repos | 13:21 |
| @fungicide:matrix.org | changes for other content in those repos can still be tested before merging, of course | 13:22 |
| @jangutter:matrix.org | This particular security model grants extraordinarily low trust to review uploaders and works very well at scale. You have to work very hard to break the security model and, more importantly, you'd have to convince a human. | 13:28 |
| Another trick I've seen is the zuul-tests.d extra config in zuul-jobs: | ||
| https://opendev.org/zuul/zuul-jobs/src/branch/master/zuul-tests.d | ||
| It allows one tenant to run a superset of tests, and other tenants can consume the jobs. | ||
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 955292: Handle another form of openstack quota error message: https://review.opendev.org/c/zuul/zuul/+/955292 | 14:24 | |
| @nitarek123:matrix.org | How do you trigger a periodic pipeline to run on "main" using zuul-client? It seems like everything expects a change to be present | 16:37 |
| @fungicide:matrix.org | while i don't have an answer, the question boils down to how to manually enqueue a buildset for a project+branch on a timer triggered pipeline | 16:38 |
| @nitarek123:matrix.org | I see the docs mention something like: | 16:40 |
| ``` | ||
| zuul-client enqueue-ref --tenant openstack --trigger timer --pipeline periodic --project openstack/example_project --ref refs/heads/master | ||
| ``` | ||
| But AFAIK, --trigger isn't an option even for zuul-client? | ||
| @fungicide:matrix.org | yeah, i see that listed under the zuul-client enqueue-ref examples at https://zuul-ci.org/docs/zuul-client/commands.html#enqueue-ref | 16:42 |
| @fungicide:matrix.org | that example dates back to the original breakout of zuul-client when the repository was initiated 5 years ago, so does seem like it could be stale | 16:45 |
| @fungicide:matrix.org | nitarek123: have you tried just leaving out the "--trigger timer" option? | 16:47 |
| @fungicide:matrix.org | what sort of error message do you get? | 16:48 |
| @nitarek123:matrix.org | Yes, that does seem to trigger it on `refs/heads/master`, so it seems to work! | 17:02 |
| @fungicide:matrix.org | sounded like you wanted refs/heads/main instead, but yeah i guess we could stand to remove incorrect references to the --trigger option in the docs then | 17:04 |
| @jim:acmegating.com | nitarek123: if you wanted to propose a change to fix the docs, i would be happy to review it | 17:04 |
| -@gerrit:opendev.org- Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org proposed: [zuul/zuul-client] 955312: Remove references to invalid --trigger option https://review.opendev.org/c/zuul/zuul-client/+/955312 | 17:06 | |
| @fungicide:matrix.org | too late :/ | 17:06 |
| @fungicide:matrix.org | i submitted it before i saw that comment, sorrt | 17:07 |
| @fungicide:matrix.org | s/sorrt/sorry/ | 17:07 |
| @fungicide:matrix.org | though reviews and improvements from nitarek123 would be appreciated nonetheless! | 17:07 |
| @nitarek123:matrix.org | You're all good! Thank you for bringing in this fix! | 17:08 |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 21:00 | |
| - [zuul/zuul] 955040: Add QuotaCache class https://review.opendev.org/c/zuul/zuul/+/955040 | ||
| - [zuul/zuul] 955106: Plumb zk_client through to endpoints https://review.opendev.org/c/zuul/zuul/+/955106 | ||
| - [zuul/zuul] 955107: Update drivers to use QuotaCache https://review.opendev.org/c/zuul/zuul/+/955107 | ||
| - [zuul/zuul] 955325: Implement zuul-launcher connection filter https://review.opendev.org/c/zuul/zuul/+/955325 | ||
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 955329: DNM: Add replication delay to Gerrit https://review.opendev.org/c/zuul/zuul/+/955329 | 21:36 | |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 955292: Handle another form of openstack quota error message https://review.opendev.org/c/zuul/zuul/+/955292 | 21:37 | |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!