[00:02:05] two questions: 1) how untrustworthy are the untrusted/everyone GitLab CI runners? E.g., I build a Rust binary in CI to use in Toolforge, can I trust it? Is it possible for some evil process to tamper with it? [00:03:14] 2) Is it OK to spread the news that runners are available for everyone? or is it just for early testers who lurk in here and should be kept on the down low for now? [04:26:30] 10GitLab, 10Release-Engineering-Team, 10serviceops-collab, 10Patch-For-Review: Align the GitLab runner tags - https://phabricator.wikimedia.org/T325069 (10PMenon-WMF) Hello! We have been working on the [[ https://gitlab.wikimedia.org/toolforge-repos/transcriber | Transcriber project ]] and are looking to... [10:16:03] 10GitLab, 10Release-Engineering-Team, 10serviceops-collab, 10Patch-For-Review: Align the GitLab runner tags - https://phabricator.wikimedia.org/T325069 (10Jelto) >>! In T325069#8573075, @PMenon-WMF wrote: > Hello! > > We have been working on the [[ https://gitlab.wikimedia.org/toolforge-repos/transcriber... [14:20:27] 10GitLab (CI & Job Runners), 10Release-Engineering-Team, 10mwcli: Add registry.gitlab.com/dependabot-gitlab/dependabot to list of allowed images for gitlab runners - https://phabricator.wikimedia.org/T326507 (10Addshore) Any thoughts on this? I seem to remember the golang images got added to the list rather... [16:37:00] legoktm: cc: dancy & dduvall on the above, but 1) i think the answer is "about as untrustworthy as $thing_running_on_digitalocean_generally", 2) i *think* we're pretty close to a general announcement but there's not much capacity at the moment. [16:37:39] is each job executed in a fresh VM? [16:39:36] Jobs are executed in containers. The VMs are not refreshed per-job. [16:40:13] gotcha [16:44:21] As far as news spreading goes... I don't feel like we're ready for an announcement yet..we're still in early adopter stage. [16:51:13] 10GitLab, 10serviceops-collab, 10Release-Engineering-Team (GitLab IV: Mise En Place 🍱): Convert runner-1030.gitlab-runners.eqiad1.wikimedia.cloud to an instance-wide shared runner - https://phabricator.wikimedia.org/T327949 (10dancy) 05Open→03Resolved [16:51:17] 10GitLab (CI & Job Runners), 10serviceops-collab, 10Release-Engineering-Team (Priority Backlog 📥), 10User-brennen: Provision untrusted instance-wide GitLab job runners to handle user-level projects and merge requests from forks - https://phabricator.wikimedia.org/T297426 (10dancy) [16:53:02] ok :) [18:00:31] 10GitLab (CI & Job Runners), 10serviceops-collab, 10Release-Engineering-Team (GitLab IV: Mise En Place 🍱): Create cleanup policy for buildkit cache - https://phabricator.wikimedia.org/T327060 (10dancy) 05Open→03Resolved [18:11:39] 10GitLab (Infrastructure), 10serviceops-collab: Migrate gitlab-test instance to bullseye - https://phabricator.wikimedia.org/T318521 (10Dzahn) Thanks @taavi. for the record, I cleaned up this: - disassociated floating IP 185.15.56.117 from instance - released floating IP 185.15.56.117 [18:33:02] 10GitLab, 10serviceops-collab: Investigate incremental backups for GitLab - https://phabricator.wikimedia.org/T324506 (10Arnoldokoth) Thanks @Jelto > I have some concerns because the docs state The chosen previous backup is overwritten.. So we might see quite a lot of IO here for extracting the tar archive... [18:40:30] 10GitLab, 10Release-Engineering-Team, 10serviceops-collab, 10Patch-For-Review: Align the GitLab runner tags - https://phabricator.wikimedia.org/T325069 (10PMenon-WMF) >>! In T325069#8573587, @Jelto wrote: >>>! In T325069#8573075, @PMenon-WMF wrote: >> Hello! >> >> We have been working on the [[ https://gi... [18:48:04] 10GitLab (Infrastructure), 10serviceops-collab: Migrate gitlab-test instance to bullseye - https://phabricator.wikimedia.org/T318521 (10Dzahn) >>! In T318521#8566776, @taavi wrote: > Ok, `gitlab-prod-1002` can now also assign the IP address `172.16.7.146` (NOT the public/floating ip!) to its primary interface.... [21:57:50] 10GitLab (Project Migration), 10Phabricator, 10serviceops-collab, 10Epic, and 3 others: Migrate active repositories in Phabricator Differential to GitLab - https://phabricator.wikimedia.org/T191182 (10Dzahn) @brennen has moved the `phab-extensions` repo https://gitlab.wikimedia.org/repos/phabricator/exten... [22:24:52] 10GitLab (Project Migration), 10Phabricator, 10serviceops-collab, 10Epic, and 3 others: Migrate active repositories in Phabricator Differential to GitLab - https://phabricator.wikimedia.org/T191182 (10Dzahn) @thcipriani using the "02-active-diffusion-repos.py" script from https://gitlab.wikimedia.org/repos... [22:47:51] 10GitLab (Infrastructure), 10serviceops-collab: Migrate gitlab-test instance to bullseye - https://phabricator.wikimedia.org/T318521 (10Dzahn) - removed Hiera key/values from "1002" VM.. gitlab-ssh and gitlab-https-public are now using 172.16.7.146 to bind to: -&D_SERVICE(tcp, 22, (185.15.56.117)); +&D_SER...