[12:49:26] GitLab (Infrastructure), serviceops: bring new gitlab hardware servers into production - https://phabricator.wikimedia.org/T307142 (Jelto)
[16:06:44] GitLab (Integrations), GitLab-Test, Phabricator, serviceops-radar, and 2 others: Experiment with GitLab-Phabricator integration - https://phabricator.wikimedia.org/T265617 (hashar) >>! In T265617#7880480, @kostajh wrote: >>>! In T265617#7413071, @mmodell wrote: >> So one thing I think that we nee...
[16:06:51] GitLab, Release-Engineering-Team (GitLab-a-thon 🦊): Investigate buildkitd instances as image builders for GitLab - https://phabricator.wikimedia.org/T307810 (dduvall)
[16:16:47] o/
[16:16:57] [x] check-in #1
[16:17:02] thanks for your time all <3
[16:18:07] dancy, jnuche: https://meet.google.com/gsn-zzca-xso
[16:18:18] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Write a phame / tech blog post detailing the appsec pipeline, as it currently exists - https://phabricator.wikimedia.org/T307517 (sbassett)
[16:18:19] breakout for looking at image builders
[16:18:57] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Write a phame / tech blog post detailing the appsec pipeline, as it currently exists - https://phabricator.wikimedia.org/T307517 (sbassett) Open→In progress p:Triage→Low
[16:19:00] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, Security: Design and Build Application Security Pipeline Components for Gitlab - https://phabricator.wikimedia.org/T289290 (sbassett)
[16:22:45] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, Security: Investigate container scanning options within the context of the Gitlab appsec pipeline - https://phabricator.wikimedia.org/T307523 (sbassett)
[16:24:24] GitLab (Integrations), GitLab-Test, Phabricator, serviceops-radar, and 2 others: Experiment with GitLab-Phabricator integration - https://phabricator.wikimedia.org/T265617 (hashar) The `commentlink` section I describe above is for rendering. The indexing in Gerrit is done by [[ https://gerrit.wik...
[16:25:17] I am calling it a day, going to have dinner with the kids
[16:25:48] if there are any tasks in the sprint that could benefit a braindump from me, please @ ping me on the task(s) and I will follow up tomorrow morning :)
[16:29:43] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-dduvall: Create Blubber repo on GitLab, archive Gerrit repo - https://phabricator.wikimedia.org/T307533 (hashar) To archive Gerrit repositories we use #projects-cleanup , on the side bar there is the //[[ https://phabricator...
[18:01:35] dduvall: The reason why we couldn't mask xxx is discussed in https://gitlab.wikimedia.org/help/ci/variables/index#mask-a-cicd-variable and there's an open issue about it: https://gitlab.com/gitlab-org/gitlab/-/issues/196871
[18:01:50] s/xxx/BUILDKITD_EVAL_CLIENT_KEY/
[18:01:51] ah ok
[18:02:12] Disappointing.
[18:02:41] yeah a bit
[18:02:52] it is only obfuscation, however
[18:03:14] nod.
[18:03:48] the other things i'm curious about is whether we can have separate mTLS certs per project?
[18:03:54] *thing*
[18:04:30] As long as they're all signed by with the same CA key.
[18:05:19] * dduvall nods
[18:09:35] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-brennen, User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (brennen)
[18:18:50] GitLab (Integrations), GitLab-Test, Phabricator, serviceops-radar, and 2 others: Experiment with GitLab-Phabricator integration - https://phabricator.wikimedia.org/T265617 (thcipriani) #releng was poised to look at this this quarter (q4 2022), but the person we intended to have work on it is no l...
[18:25:07] We could really use a namespace for cloud VPS projects. I still recommend "cloud" while wmcs uses "wmcs" for infra but I am not trying to make it harder than necessary. We should give cloud VPS users a recommendation though that isn't "your personal user namespace".
[18:29:05] GitLab (CI & Job Runners), Release-Engineering-Team (GitLab-a-thon 🦊): Investigate alternatives to docker-in-docker for container image creation in GitLab - https://phabricator.wikimedia.org/T307599 (brennen)
[18:30:48] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-dduvall: Migrate Blubber project to GitLab - https://phabricator.wikimedia.org/T301168 (brennen)
[18:34:00] mutante: so i set these up: https://phabricator.wikimedia.org/T305301#7892826
[18:34:22] if the -repos suffix is too irritating, we can get rid of it, but i wanted to indicate that these are parallel sorts of entities to the /repos namespace
[18:35:19] (because they don't have access to the same set of runners that things in /repos do)
[18:35:47] brennen: ah, somehow missed or forgot that they were already created. ok, thanks
[18:35:52] we were initially trying to have things in /repos/* be broken up more by "area of code" than by "territory of a specific team".
[18:36:14] I will move a repo into cloudvps-repos then
[18:36:29] kk
[18:51:25] Important task completed: Added the Blubber logo to the repo.
[18:51:49] yesss
[18:55:15] dancy: \o/
[18:55:25] also, k9s is sooooo nice
[19:00:31] Glad you like it.
[19:02:43] GitLab (Project Migration), Release-Engineering-Team (🌱 Spring Cleaning — April 2022), User-brennen, cloud-services-team (Kanban): GitLab: separate trees for WMCS infrastructure and tenants - https://phabricator.wikimedia.org/T305301 (brennen) In progress→Resolved
[19:12:02] GitLab, Release-Engineering-Team (GitLab-a-thon 🦊): Investigate buildkitd instances as image builders for GitLab - https://phabricator.wikimedia.org/T307810 (dduvall) I've set up a personal repo with the manifests, etc. used to set up my evaluation environment. They were applied against a fresh Digital O...
[19:12:12] dancy: see https://gitlab.wikimedia.org/dduvall/gitlab-buildkitd-eval
[19:12:44] dduvall: The problem of two separate projects trying to push the same image+tag exists w/ the existing Jenkins CI system, right?
[19:12:52] thx for the link. Taking a look
[19:13:12] dancy: i believe it does
[19:13:27] ok thx. That helps constrain scope
[19:13:33] some aspects of the image ref are enforced
[19:14:02] by pipelinelib presumably
[19:14:08] yeah
[19:19:46] dancy: i just realized that if you spin up your own buildkitd using different certs we might clobber each other's gitlab variable values
[19:20:18] OK. I won't spin anything up. I'm just looking at what you've configured.
[19:20:21] but you can always register a runner for a specific test project or just be sure to create a second set of variables
[19:20:48] the makefile doesn't touch the gitlab variables so running `make` should be safe
[19:21:40] it's only if you want to test round trip with changes to the `.gitlab-ci.yaml` under the blubber project that you need to be aware/careful
[19:26:35] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-brennen, User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (sbassett) Hey @brennen - This seems like as good a task as any to inq...
[19:32:33] ^ i think it's fair to describe that one as an open question, right?
[19:36:37] yes? I think we'll have a better idea about that at the end of this week (I hope)
[19:37:35] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-brennen, User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (brennen) > This seems like as good a task as any to inquire as to wheth...
[19:37:56] here's buildkit magic that uses existing blubber.yaml, but unclear if that's the final answer.
[19:38:05] *there's
[19:43:27] GitLab (Project Migration), Release-Engineering-Team (GitLab-a-thon 🦊), User-brennen, User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (sbassett) Ok, sounds fair. Thanks for the response.
[20:15:13] Seems right. I highly doubt we'll keep pipelinelib in any form with gitlab. I really hope not at least. I suspect we'll still use blubber at least for a while
[20:15:21] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, Security, user-sbassett: Re-implement semgrep ci includes - https://phabricator.wikimedia.org/T307962 (sbassett)
[20:15:49] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Re-implement semgrep ci includes - https://phabricator.wikimedia.org/T307962 (sbassett)
[20:15:57] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, Security: Design and Build Application Security Pipeline Components for Gitlab - https://phabricator.wikimedia.org/T289290 (sbassett)
[20:16:11] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Re-implement semgrep ci includes - https://phabricator.wikimedia.org/T307962 (sbassett) Open→In progress p:Triage→Low
[20:16:53] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Re-implement semgrep ci includes - https://phabricator.wikimedia.org/T307962 (sbassett)
[20:17:58] GitLab (CI & Job Runners), Security Team AppSec, Security-Team, SecTeam-Processed, and 2 others: Re-implement semgrep ci includes - https://phabricator.wikimedia.org/T307962 (sbassett)
[20:25:51] Agreed