| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 874718: Add GitHub pipeline trigger requirements https://review.opendev.org/c/zuul/zuul/+/874718 | 00:01 | |
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: wip: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 07:40 | |
| @flaper87:matrix.org | > <@jim:acmegating.com> sorry, no examples that i can think of | 07:55 |
|---|---|---|
| Ok, just found one. The `add-build-sshkey` role in zuul-jobs | ||
| @flaper87:matrix.org | > <@flaper87:matrix.org> Ok, just found one. The `add-build-sshkey` role in zuul-jobs | 07:56 |
| I mean, the variable I was looking for is `zuul.executor.work_root` I guess. I will experiment a bit. Thanks | ||
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 09:01 | |
| -@gerrit:opendev.org- Ade Lee proposed: [zuul/zuul-jobs] 873893: Add conditional for UA registration role https://review.opendev.org/c/zuul/zuul-jobs/+/873893 | 09:31 | |
| -@gerrit:opendev.org- Ade Lee proposed: | 10:51 | |
| - [zuul/zuul-jobs] 873893: Changes to make fips work on ubuntu https://review.opendev.org/c/zuul/zuul-jobs/+/873893 | ||
| - [zuul/zuul-jobs] 874907: Add conditional for UA registration role https://review.opendev.org/c/zuul/zuul-jobs/+/874907 | ||
| @g_gobi:matrix.org | Clark: https://opendev.org/zuul/zuul/src/branch/master/doc/source/examples/docker-compose.yaml | 11:20 |
| Where we have the merger config? | ||
| @flaper87:matrix.org | Is there a way to flag a job that has a `secret` as a `pre-review` job? I've set `post-review` false in the pipeline, base job, and the job itself but I'm getting: `Once set, the post-review attribute may not be unset` | 11:48 |
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 12:11 | |
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 14:17 | |
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 14:17 | |
| @jim:acmegating.com | flaper87: the variables are documented here: https://zuul-ci.org/docs/zuul/latest/job-content.html#zuul-variables | 14:23 |
| @jim:acmegating.com | flaper87: there's a lot of documentation about secrets too | 14:24 |
| @flaper87:matrix.org | Ah, thanks for the link to the variables. Will check them out. | 14:38 |
| @flaper87:matrix.org | As for the secret, I read through the docs and I see the mention that `post-review` will be set to true for jobs that are not in a trusted repo, IIRC. I tried moving the secret to my trusted repo but I still had that message coming up. I must have done something wrong. Will check again. | 14:39 |
| -@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 874643: extra-config-files/dirs in items of a bundle should be loaded https://review.opendev.org/c/zuul/zuul/+/874643 | 15:20 | |
| @fungicide:matrix.org | > <@flaper87:matrix.org> As for the secret, I read through the docs and I see the mention that `post-review` will be set to true for jobs that are not in a trusted repo, IIRC. I tried moving the secret to my trusted repo but I still had that message coming up. I must have done something wrong. Will check again. | 15:35 |
| any playbook which uses that secret also needs to be in the repo where the secret is defined (or the secret can be passed by the job in that repo to a parent job in another repo explicitly) | ||
| @fungicide:matrix.org | has anybody noticed the ansible-lint errors we've started getting on zuul-jobs changes? not sure if it's a new ansible-lint release or something is ignoring our exclusions, but want to make sure nobody else is working on it already before i spend time digging into the problem | 15:37 |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 874718: Add GitHub pipeline trigger requirements https://review.opendev.org/c/zuul/zuul/+/874718 | 15:49 | |
| @flaper87:matrix.org | > <@fungicide:matrix.org> any playbook which uses that secret also needs to be in the repo where the secret is defined (or the secret can be passed by the job in that repo to a parent job in another repo explicitly) | 16:58 |
| Even child playbooks? Like, I moved the secret to the config repo where I have defined a base job from which all other jobs inherit from. This base job is the one that consumes this secret and, AFAIU, the secret is never passed to the children jobs | ||
| @flaper87:matrix.org | Semi-related question: What pat hare the (un)trusted_ro_paths mounted to in the executor context? I was assuming they were mounted in the same path. That is, if the path is `/etc/zuul/test/` it would be in `/etc/zuul/test` inside the execution context | 16:59 |
| @flaper87:matrix.org | > <@flaper87:matrix.org> Semi-related question: What pat hare the (un)trusted_ro_paths mounted to in the executor context? I was assuming they were mounted in the same path. That is, if the path is `/etc/zuul/test/` it would be in `/etc/zuul/test` inside the execution context | 17:01 |
| mmh, I think I just answered myself by grepping the executor logs: `--ro-bind /etc/zuul/test/ /etc/zuul/test/` | ||
| @fungicide:matrix.org | > <@flaper87:matrix.org> Semi-related question: What pat hare the (un)trusted_ro_paths mounted to in the executor context? I was assuming they were mounted in the same path. That is, if the path is `/etc/zuul/test/` it would be in `/etc/zuul/test` inside the execution context | 17:41 |
| right, a job/playbook can use a secret defined in the same repository, or it can pass it to a parent. access to secrets is not inherited | ||
| @fungicide:matrix.org | > <@flaper87:matrix.org> Even child playbooks? Like, I moved the secret to the config repo where I have defined a base job from which all other jobs inherit from. This base job is the one that consumes this secret and, AFAIU, the secret is never passed to the children jobs | 17:46 |
| right, a job/playbook can use a secret defined in the same repository, or it can pass it to a parent. access to secrets is not inherited | ||
| @fungicide:matrix.org | `Recognize role-name[path] also inside roles block (#3034)` might explain the new ansible-lint errors https://github.com/ansible/ansible-lint/releases/tag/v6.13.0 | 17:55 |
| @fungicide:matrix.org | nevermind, that's something different | 17:56 |
| @flaper87:matrix.org | > <@flaper87:matrix.org> mmh, I think I just answered myself by grepping the executor logs: `--ro-bind /etc/zuul/test/ /etc/zuul/test/` | 17:59 |
| also, note to self: `untrusted_ro_paths` is only mounted on *untrusted-projects* jobs :) It was wrong of me to assume it would also be mounted on the trusted projects 🤦♂️ | ||
| -@gerrit:opendev.org- Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org proposed: [zuul/zuul-jobs] 874955: Cap ansible-lint <6.13 https://review.opendev.org/c/zuul/zuul-jobs/+/874955 | 18:36 | |
| @fungicide:matrix.org | that ^ seems to be the first change to pass the linters job sinc ethe 15th, and will un-block pending changes to zuul-jobs | 18:45 |
| @fungicide:matrix.org | * that ^ seems to be the first change to pass the linters job since the 15th, and will un-block pending changes to zuul-jobs | 18:45 |
| -@gerrit:opendev.org- Zuul merged on behalf of Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org: [zuul/zuul-jobs] 874955: Cap ansible-lint <6.13 https://review.opendev.org/c/zuul/zuul-jobs/+/874955 | 19:47 | |
| -@gerrit:opendev.org- Michael Kelly proposed: | 21:20 | |
| - [zuul/zuul] 869785: manager: Remove unnecessary job_graph check from executeJobs() https://review.opendev.org/c/zuul/zuul/+/869785 | ||
| - [zuul/zuul] 869786: model: Eliminate semaphore_handler parameter on findJobsTo*() https://review.opendev.org/c/zuul/zuul/+/869786 | ||
| -@gerrit:opendev.org- Michael Kelly proposed: | 21:48 | |
| - [zuul/zuul-jobs] 871539: roles: Add git-submodule-init role https://review.opendev.org/c/zuul/zuul-jobs/+/871539 | ||
| - [zuul/zuul-jobs] 871679: roles: Add ensure-git-lfs https://review.opendev.org/c/zuul/zuul-jobs/+/871679 | ||
| - [zuul/zuul-jobs] 871680: roles: Add git-lfs-init https://review.opendev.org/c/zuul/zuul-jobs/+/871680 | ||
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!