| @jim:acmegating.com | ianw: that may be, but i think it's orthogonal? not all circumstances will need to call that method (in fact, that should only happen during gating) | 00:04 |
|---|---|---|
| @iwienand:matrix.org | I guess probably if you don't have an API token available, and you do a "Depends-On: https://github.com/x/y" and zuul -1's your change with "Can't access project x/y" that would be a useful interface? (as opposed to I guess what i'm saying in that change, which is make sure you have an API key so you never hit this). As you say, possibly people will be happy and never try to use that feature. But it was just a bit hard to know what's going on when the change doesn't make it into the gate. | 00:13 |
| @iwienand:matrix.org | that would, i guess, require noticing the 401 response from the graphql query and bubbling it up as an error | 00:14 |
| @jim:acmegating.com | it's not possible to use depends-on to enqueue a change into a gate pipeline if zuul isn't managing that project. | 00:20 |
| @iwienand:matrix.org | but it *is* possible to depends-on to a project that zuul knows about, but doesn't have an api key so can't graphql query ... i mean that's how my change with depends-on to github.com/ansible/... failed? | 01:56 |
| -@gerrit:opendev.org- Bernhard Berg proposed wip on behalf of Lukas Kranz: [zuul/zuul-jobs] 887917: prepare-workspace-git: Add ability to define synced pojects https://review.opendev.org/c/zuul/zuul-jobs/+/887917 | 10:43 | |
| -@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 894920: Avoid infinite recursion with topic dependencies https://review.opendev.org/c/zuul/zuul/+/894920 | 13:33 | |
| @jim:acmegating.com | ianw: it would also have failed because ansible and whatever you were depends-onning from don't share a change queue and so you can't enqueue an ansible change in gate ahead of something else. so even if that had succeeded, the process would have failed just a few milliseconds later. | 13:58 |
| @tristanc_:matrix.org | Is there a plan to support Ansible action plugins inside job roles, or is this always going to require running a nested ansible command? | 14:32 |
| -@gerrit:opendev.org- Benjamin Schanzel proposed: [zuul/nodepool] 894636: Fix UnboundLocalError in error handling of runStateMachine https://review.opendev.org/c/zuul/nodepool/+/894636 | 15:05 | |
| @fungicide:matrix.org | > <@tristanc_:matrix.org> Is there a plan to support Ansible action plugins inside job roles, or is this always going to require running a nested ansible command? | 15:33 |
| do action plugins need to be installed into ansible's python environment? if so, they can be preinstalled by the admin for jobs to use | ||
| @tristanc_:matrix.org | They are part of the job to be tested, so they can't be pre-installed. Looking at the ansible documentation, it seems like they should work automatically when an associated module is used, so perhaps this is already supported? | 15:42 |
| @fungicide:matrix.org | are they python modules? not sure how ansible would pick them up if so, in cases where it lacks permission to install things into the python environment, but maybe it doesn't put them into the search path or something, just invokes them directly | 15:45 |
| @fungicide:matrix.org | or maybe it extends the search path with local directories | 15:46 |
| @tristanc_:matrix.org | it seems like these action plugins are python, and the doc ( https://docs.ansible.com/ansible/latest/plugins/action.html#id3 ) says that `Action plugin are executed by default when an associated module is used; no action is required.`. Though it appears that we also need to set the ANSIBLE_ACTION_PLUGINS environment variable. | 16:11 |
| -@gerrit:opendev.org- Zuul merged on behalf of Simon Westphahl: [zuul/zuul] 894920: Avoid infinite recursion with topic dependencies https://review.opendev.org/c/zuul/zuul/+/894920 | 16:34 | |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 894839: Use a seeded PRNG when setting timer triggers https://review.opendev.org/c/zuul/zuul/+/894839 | 17:44 | |
| @iwienand:matrix.org | i'm not sure we're talking about the same thing ... we've been able to Depends-On gh/ansible/ansible changes from system-config? it's an untrusted project (https://opendev.org/openstack/project-config/src/branch/master/zuul/main.yaml#L1486)? | 21:04 |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 21:16 | |
| - [zuul/zuul] 895005: Add a bundle-changed safety check https://review.opendev.org/c/zuul/zuul/+/895005 | ||
| - [zuul/zuul] 895006: Add more safety check tests https://review.opendev.org/c/zuul/zuul/+/895006 | ||
| @jim:acmegating.com | ianw: in gate? | 21:16 |
| @jim:acmegating.com | i mean, after it merged, sure :) | 21:18 |
| @jim:acmegating.com | ianw: to summarize: the method you are concerned about should only be called when adding a change to a gate pipeline, which means it should not happen in an opendev-like situation where a gerrit change depends-on a github change. it's possible that something changed in the intervening two years related to that, and it's also possible i'm not entirely correct about the sequence here and it is inadvertently called in that case (but if so, i'd probably proceed with the assumption that it's a bug [because why are we working on checking the mergability of a merged change?] and work on fixing that). all of that leads me to believe that the review comments are correct and today we should not *techncially* require the api token. and even if it does happen to fail due to an error like that, we still should not require the token and it would be better to fix zuul than to change the instructions to require it. and none of that changes the fact that i agree with you that opendev should add the api token for its use case. :) it's a good change, it should just handle the graceful fallback to anonymous like we do today. | 21:27 |
| @iwienand:matrix.org | I 100% agree something might have changed. but the original issue I saw (from the story https://storyboard.openstack.org/#!/story/2008940) was with https://review.opendev.org/c/opendev/system-config/+/794353 where i was just trying to test and not a gate situation. | 21:52 |
| so i guess that's where i was getting a bit confused. | ||
| as you say, that might be a bug that has been fixed in the years since... | ||
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!