Saturday, 2022-03-12

@mnaser:matrix.org Is there any way at all of running a job with a secret in a pre-review pipeline? 00:17
@mnaser:matrix.org In my case, I am running Molecule against a cloud, so I kinda need credentials to get added even in pre-review jobs.  I tried adding the job to a trusted project and referencing it inside the untrusted one, but no good.. 00:19
@mnaser:matrix.org hmm, actually this is weird.  even though this job is defined inside a config-project, i get.. "Unable to freeze job graph: Pre-review pipeline check does not allow post-review job" 00:33
@mnaser:matrix.org ok, well I made progress -- but I actually managed to somehow get Zuul to not respond.. at all? 01:53
https://review.opendev.org/c/vexxhost/ansible-collection-atmosphere/+/833476/15/.zuul.yaml
@fungicide:matrix.org mnaser: you can use secrets in playbooks which are in trusted config projects even in pre-review pipelines, for example log uploading works this way 13:56
@fungicide:matrix.org the risk is that if the playbook puts the secret onto a job node though, a proposed change could echo it to the logs or something as a trivial way of getting ahold of those credentials 13:58
@fungicide:matrix.org also, looks like you managed to work through your zuul config errors in that change last night, awesome 13:59
@mnaser:matrix.org > <@fungicide:matrix.org> also, looks like you managed to work through your zuul config errors in that change last night, awesome 21:41
yep, all good now, churning through slowly uploading things one by one :)
