| -@gerrit:opendev.org- Ian Wienand proposed: | 00:50 | |
| - [zuul/zuul-jobs] 879009: promote-container-image: add promote_container_image_method https://review.opendev.org/c/zuul/zuul-jobs/+/879009 | ||
| - [zuul/zuul-jobs] 878614: remove-registry-tag: role to delete tags from registry https://review.opendev.org/c/zuul/zuul-jobs/+/878614 | ||
| - [zuul/zuul-jobs] 878740: promote-container-image: use generic tag removal role https://review.opendev.org/c/zuul/zuul-jobs/+/878740 | ||
| - [zuul/zuul-jobs] 878810: remove-registry-tag: update docker age match https://review.opendev.org/c/zuul/zuul-jobs/+/878810 | ||
| @iwienand:matrix.org | ^ thanks for going back-and-forth with me on that, i think that's much clearer | 00:51 |
|---|---|---|
| -@gerrit:opendev.org- Ian Wienand proposed: | 02:50 | |
| - [zuul/zuul-jobs] 878740: promote-container-image: use generic tag removal role https://review.opendev.org/c/zuul/zuul-jobs/+/878740 | ||
| - [zuul/zuul-jobs] 878810: remove-registry-tag: update docker age match https://review.opendev.org/c/zuul/zuul-jobs/+/878810 | ||
| @jjbeckman:matrix.org | Hello folks. I have been able to get Zuul functioning along with GitHub with the following settings, but would appreciated some advice. | 06:57 |
| ``` | ||
| [connection "github"] | ||
| app_id={redacted} | ||
| app_key=/etc/zuul/github_app/id_rsa # GitHub App Private key | ||
| driver=github | ||
| sshkey=/etc/zuul/connections/github/sshkey # My personal Private key for the GitHub repos I want to use with Zuul | ||
| webhook_token={redacted} | ||
| ``` | ||
| Obviously, using one's private key for `sshkey` in this way is not a good idea, but I found that when setting the GitHub App Private key instead, git cloning operations all fail. Is there a generally accepted approach on what Private key I should set for `sshkey`? | ||
| Also, could someone please confirm whether the following statement in the official docs is accurate or not? | ||
| https://zuul-ci.org/docs/zuul/latest/drivers/github.html#connection-configuration | ||
| > <github connection>.sshkey | ||
| > Default:~/.ssh/id_rsa | ||
| > Path to SSH key to use when cloning github repositories **if Zuul is configured with Webhooks.** | ||
| I have configured Zuul to integrate with GitHub via the GitHub App method, so my understanding is that `sshkey` doesn't need to be set. | ||
| However, `scheduler` tries to use it nevertheless, making me doubt if my understanding is correct. | ||
| ``` | ||
| ERROR zuul.AnsibleJob: subprocess.CalledProcessError: Command '['ssh-add', '/root/.ssh/id_rsa']' returned non-zero exit status 1. | ||
| ``` | ||
| -@gerrit:opendev.org- Tobias Urdin proposed: [zuul/zuul] 877587: web: add dark mode and theme selection https://review.opendev.org/c/zuul/zuul/+/877587 | 07:47 | |
| -@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 803209: CORS: support regular expressions in allowed origins https://review.opendev.org/c/zuul/zuul/+/803209 | 07:59 | |
| -@gerrit:opendev.org- Tobias Urdin proposed: [zuul/zuul] 877587: web: add dark mode and theme selection https://review.opendev.org/c/zuul/zuul/+/877587 | 08:52 | |
| @clarkb:matrix.org | > <@jjbeckman:matrix.org> Hello folks. I have been able to get Zuul functioning along with GitHub with the following settings, but would appreciated some advice. | 14:33 |
| > | ||
| > ``` | ||
| > [connection "github"] | ||
| > app_id={redacted} | ||
| > app_key=/etc/zuul/github_app/id_rsa # GitHub App Private key | ||
| > driver=github | ||
| > sshkey=/etc/zuul/connections/github/sshkey # My personal Private key for the GitHub repos I want to use with Zuul | ||
| > webhook_token={redacted} | ||
| > ``` | ||
| > | ||
| > Obviously, using one's private key for `sshkey` in this way is not a good idea, but I found that when setting the GitHub App Private key instead, git cloning operations all fail. Is there a generally accepted approach on what Private key I should set for `sshkey`? | ||
| > | ||
| > Also, could someone please confirm whether the following statement in the official docs is accurate or not? | ||
| > https://zuul-ci.org/docs/zuul/latest/drivers/github.html#connection-configuration | ||
| > | ||
| > > <github connection>.sshkey | ||
| > > Default:~/.ssh/id_rsa | ||
| > > Path to SSH key to use when cloning github repositories **if Zuul is configured with Webhooks.** | ||
| > | ||
| > I have configured Zuul to integrate with GitHub via the GitHub App method, so my understanding is that `sshkey` doesn't need to be set. | ||
| > However, `scheduler` tries to use it nevertheless, making me doubt if my understanding is correct. | ||
| > | ||
| > ``` | ||
| > ERROR zuul.AnsibleJob: subprocess.CalledProcessError: Command '['ssh-add', '/root/.ssh/id_rsa']' returned non-zero exit status 1. | ||
| > ``` | ||
| The application key is used to sign web auth tokens for API requests. I don't know that it is a valid ssh key. I suspect you may also need to set the ssh key value so that repos can be cloned via ssh. But I'm not 100% certain of that. | ||
| @clarkb:matrix.org | Looks like Gerrit intends to deprecate robot comments in 3.8 and remove them in 3.9. Their expectation is that CI systems either report with normal comments or use the checks API. I need to respond to the thread and ask about inline comments for CI results. | 14:34 |
| @jim:acmegating.com | jjbeckman: in addition to what clarkb wrote, the scheduler doesn't do anything with git repos, and the log message you pasted is not from the scheduler, but rather the executor, so i think you may have gotten something confused there. if it's adding an ssh key to an agent, it's adding the *nodepool* key to a build. | 14:35 |
| @jim:acmegating.com | jjbeckman: also, friendly reminder in case you aren't aware that in addition to the general directions for self-help from volunteers in channel here, there are commercial support offerings for zuul, including my own at https://acmegating.com/ for more detailed and responsive help. :) | 14:42 |
| @jim:acmegating.com | Clark: ++ re inline comments | 14:43 |
| @clarkb:matrix.org | https://groups.google.com/g/repo-discuss/c/fIgEGcB2IAs/m/43_u1MR2CwAJ Gerrit discuss thread on robot comment deprecation | 15:04 |
| @clarkb:matrix.org | That has my quetion about inline comments from CI systems | 15:04 |
| -@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 812523: UI: harmonize build color codes and icons https://review.opendev.org/c/zuul/zuul/+/812523 | 15:09 | |
| @fungicide:matrix.org | > <@clarkb:matrix.org> That has my quetion about inline comments from CI systems | 15:41 |
| the reply indicates there's a "codepointer" you can set to make a comment show up inline with check results | ||
| @jim:acmegating.com | Clark: if we go back to plain file comments i don't think it'll be a huge loss... i think there was something about the display and/or notification with robot comments that was nicer, but the old thing is doable. i agree, it seems like we don't store the information needed to implement inline comments with a check result right now; we'd probably need a new db table for that. | 15:50 |
| @jim:acmegating.com | Clark: i think we just fall back to https://opendev.org/zuul/zuul/src/branch/master/zuul/driver/gerrit/gerritconnection.py#L1406 and get rid of https://opendev.org/zuul/zuul/src/branch/master/zuul/driver/gerrit/gerritconnection.py#L1393-L1404 | 15:51 |
| @clarkb:matrix.org | I think one main difference is filtering robot comments is something that the web ui does | 15:51 |
| @clarkb:matrix.org | so you can focus on human feedback if necessary | 15:52 |
| @jim:acmegating.com | Clark: yep | 15:52 |
| @clarkb:matrix.org | but ya I agree. Less than ideal but workable | 15:52 |
| @jim:acmegating.com | i believe by default (because we aren't specifying otherwise) they will be posted as "resolved". we can choose to continue that, which might help with the human task-level filtering | 15:53 |
| -@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 879169: UI: Define chart color palette https://review.opendev.org/c/zuul/zuul/+/879169 | 15:55 | |
| -@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 812523: UI: harmonize build color codes and icons https://review.opendev.org/c/zuul/zuul/+/812523 | 16:12 | |
| -@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 879169: UI: Define chart color palette https://review.opendev.org/c/zuul/zuul/+/879169 | 16:12 | |
| @clarkb:matrix.org | ianw: I know your weekend has started so no rush. But i did rereview the container stack and I think it is really close just a few more cleanups (a small docs thing and consistency with no_log) | 18:58 |
| -@gerrit:opendev.org- Ian Wienand proposed: | 22:17 | |
| - [zuul/zuul-jobs] 879009: promote-container-image: add promote_container_image_method https://review.opendev.org/c/zuul/zuul-jobs/+/879009 | ||
| - [zuul/zuul-jobs] 878614: remove-registry-tag: role to delete tags from registry https://review.opendev.org/c/zuul/zuul-jobs/+/878614 | ||
| - [zuul/zuul-jobs] 878740: promote-container-image: use generic tag removal role https://review.opendev.org/c/zuul/zuul-jobs/+/878740 | ||
| - [zuul/zuul-jobs] 878810: remove-registry-tag: update docker age match https://review.opendev.org/c/zuul/zuul-jobs/+/878810 | ||
| @iwienand:matrix.org | thanks! hopefully getting closer :) | 22:17 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!