[03:36:15] the registry authz is just HTTP basic auth in nginx, it's pretty terrible
[03:36:29] I'm sure we could do much better on the registry side
[03:38:12] I think it would be doable to have individual auth users for various prefixes, probably requires some puppet magic to generate a working nginx config
[03:38:40] though ideally setting up a new CI image pipeline thing wouldn't require puppet/SRE intervention...
[18:37:49] GitLab (CI & Job Runners): Gitlab CI should be able to publish static html docs - https://phabricator.wikimedia.org/T303546 (Ottomata)
[18:59:17] GitLab (CI & Job Runners): Gitlab CI should be able to publish static html docs - https://phabricator.wikimedia.org/T303546 (sbassett) > doc.wikimmedia.org would be a great place, but anywhere publicly accessible (gitlab pages?) I'd assume we'd prefer doc.wikimedia.org as the canonical location of most Wiki...
[19:38:13] legoktm: auth per prefix seems to make more sense. maybe we could mirror the convention under /repos/{group} we're using for gitlab
[19:40:51] on the blubber side of things, the first build of the buildkit gateway has been published. bd808 you can do this now https://gerrit.wikimedia.org/r/plugins/gitiles/blubber/+/refs/heads/master/.pipeline/blubber.yaml#1 :)
[19:42:00] and `docker build --target {variant} -f blubber.yaml .`!
[19:42:29] find bugs please :)
[20:06:07] dduvall: neat! And that will work from pipelinelib once T300682 is done too I suppose?
[20:06:08] T300682: contint1001 and contint2001 need a newer version of Docker installed - https://phabricator.wikimedia.org/T300682
[20:50:54] dduvall: I was able to build and run a container locally through a docker-compose.yaml with a blubber.yaml "Dockerfile". This is super cool! It removes the need for calling out to blubberoid to generate a file to point docker-compose at. When we can put the ARG support back in I think I can document a relatively simple way to build local dev environments driven by blubber.
[20:57:42] dduvall: that sounds reasonable to me!
[21:14:00] bd808: \o/ yeah let's get that support back in. I'll check in on the puppet patch for getting docker upgraded on contints
[21:15:11] we'll be sticking with blubberoid in ci until the buildkit gateway is proven but i think the gateway makes sense as the execution model and distribution model going forward if it works
[21:17:34] I wonder if the syntax=... comment works with podman. Has anyone tested that yet?
[21:28:33] seems that the answer is "well, you can make it work, but no not out of the box" -- https://pythonspeed.com/articles/podman-buildkit/
[21:30:18] hmm, interesting
[21:30:35] i haven't messed with podman at all
[21:32:26] I've only been playing with it as a runtime. It made setting up a single container webservice with automatic container updates very easy thanks to lots of batteries included features for interfacing with systemd -- https://wikitech.wikimedia.org/wiki/Developer_Portal#Demo_server
[21:32:29] i read the conclusion of that as "you can use buildkit with podman by not using podman but buildkitd"
[21:33:33] this brings up an important point though. blubber in its current form as a transpiler between blubber config and Dockerfile syntax allows it to be used with non-docker image builders that understand Dockerfile syntax
[21:33:45] moving it to buildkit would break that compatibility
[21:34:11] whether that affects anyone anywhere is unknown but my guess is it affects no one
[21:34:49] bd808: oh that's interesting
[21:35:15] `podman generate systemd` is pretty awesome
[21:35:35] does it use runc or is it something totally different?
[21:36:13] I think it is runc by default and crun optional?
[21:37:07] "Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers."
[21:37:21] * dduvall nods
[21:37:22] cool!
[21:38:04] It looks like bullseye packages it with crun as the runtime
[21:52:36] GitLab (Project Migration), Release-Engineering-Team (Next), User-dduvall: Migrate Blubber project to GitLab - https://phabricator.wikimedia.org/T301168 (dduvall)
[22:27:36] i keep hearing good things about podman, but i haven't tried it like at all