From YouTube: Working Group: 2020-05-06
Description
- Release Updates: Lifecycle Release, Tekton Task,
- Open RFC Reviews
- RFC: Publish Buildpacks to Registry
- Google's DEVMODE mechanism
A
B
A
C
And then start with the lifecycle today, we want to cut a patch release with a lifecycle, because there is a broken flag. At the same time, we were looking at making a change that would help us with the trusted builder work in pack, which is right now, when we drop down from root user to an unprivileged user, in cases where the lifecycle is executed as root, which pack does, but it needs to talk to the Docker daemon, there are a couple steps to set up the environment variables that would be needed.
C
Those steps are only needed in the creator phase. It's the only time you run the lifecycle as root and need to take those actions. So, in addition to the flag fix in this patch, we have trained for logic so that it only takes those steps when it's necessary. I don't think either of these should affect people broadly other than fixing creator.
C
D
We also probably should mention that we're making some updates to Tekton. It seems like they've updated their API, and now they've branched off to, I believe, a b1 beta and a v1 alpha. I think Natalie is working through that. They've also changed their CLA, which is kind of a little bit of a blocker for us. I believe we're getting close to resolving that, but that should come out here relatively soon. That adds the feature where they could now mount the platform volume and add environment variables there.
A
C
Impact once we introduced the concept of trusted builders really going to be using creator for trusted builders, so in Tekton we can't, unless we publish two different templates, we can't perform like a logic like that in order to decide whether to run creator or run into multi phases. So it's a trade-off between whether we want the default to be the faster one or the team felt to be the safer one.
C
And once we have lifecycle images, we can harden a Tekton template, so the builder image is the only one that gets the credentials, what to do a little bit of magic with the way they mount credentials to prevent them from mounting credentials to every step, which the task wants to do by default. But theoretically we could make a safer version of the Tekton template, but that is at odds with using the master version.
A
Someone reached out in a Slack channel, I think today, wondering how to use, you know, pack with GCB, and it's like the lifecycle is exactly the right fit for GC, because it's basically just tacked on, right, the interface, but there wasn't a good example, and when I point people towards the Tekton example, it's very complicated. It's like a lot of stuff to port over.
C
Apr des nor reversion to that change and was sort of asking for the context as to, I was confused because they're saying it was caused by a security feature of OpenShift, but I think requiring things that don't need to be privileged to be privileged doesn't sound like a security feature to me, but that conversation hasn't about yet. I need to get back to them.
A
I'm going to share my screen and we'll just go one by one. I think we decided last time that we wanted to do this really quickly, just go one by one and ask for a status update or see if anybody knows what's going on in each one. Is that right? And are we, we're not doing specs or drafts, or not doing spec PRs, or you're skipping draft RFCs, Zek, correct? Yeah.
B
A
A
E
A
B
A
B
A
A
B
B
A
The, you can set environment variables that run when those processes run, but you can't do that for each process. They all apply to all process types. So this just lets you use directories inside of these, which are previously not permitted, to represent which process type the environment variable applies to. Some of you have your database migration that needs to run with a different environment than your, where your worker needs to run in a different environment than your web process, right. It's really easy to do that.
A
Yeah. We see this in our ok. Sometimes too, where like someone will run Sidekiq workers, like three different workers for three different queues and three different, like, you know, yet to use env vars that are prefixed certain ways to kind of get around this, right, because otherwise they start inheriting the env vars from your very first worker.
C
Me, I think it makes sense and would be a good feature. The only open question is about ordering. Like, right now we apply all the environment modifications in the order of buildpack detection and then lexically within the environment. I guess, like, what would happen if there was a mismatch case? It's like, what if there's an environment variable and but also a different one in process, and the process-specific one override the env one, and stuff like that. But nothing is remarkable to me.
A
A
B
A
Can move some of the questions I posed in it to be explicitly out of scope of this RFC. I think the one accent question for me was, I'm not opposed and might even like some additional metadata, which I think I've proposed as a possibility. If there's not a lot of interest for it or concern around it, I'd probably move it out of scope like you suggested tonight, I.
B
A
B
A
C
A
A
B
B
Just like being a platform be able to report out, like having a place to grab this stuff field report out, like even as a pack or something, right, like we built this image and with their support. You like a platform like plaque pack were evergreen or something could actually like format out anything that is readable to users of flight. The image that was being built.
A
A
Think the idea behind this sort of metadata is additional about the data about the build that may not be available on the metadata. So, for example, some layers aren't exported, right, cash-flow new layers, a platform wanted to have any information about that. Perhaps the report could contain some metadata about what those layers were, what they were used for, and that's the sort of thing export and caching does but isn't a civil and that metadata layers, if that's useful to some platforms, so it seems like there's no drawback to putting in from information about each layer.
A
That's not going to be put in the image metadata into the file here, and nobody as opposed to doing that. I think that's true, but I'm kind of reluctant to make that part of us are sick doesn't seem the bezzerides Drive features forward that everyone seems it's like. Okay, I think I'd rather just added an ad in the data that I would, I'm originally proposing in the report, and then, when there's actual real use case for this layer metadata.
C
There's another RFC open that will probably go through this list of adding metadata about build-only layers to the image itself, and the author that are see just rejected me today. So you just say that he's gonna show up next week. I do wonder if there's some overlap between these two things, because it's back it includes metadata for non blanc. Players.
C
A
All right, moving on to the next one, custom CA certs. I see Xander here, I think. I don't think I see him. This is kind of tied into it stack extensions thing, which means kind of tied into, you know, what, how there's been a lot of discussions about how modular that should be and what that should look like recently. The, I think there's going to be more discussion on what this looks like, and just continue to stay open for now.
A
D
A
A
A
And last one is a extensions. This is really active. Joe and Joe maybe may want to propose pretty different UX to this, and there's still a lot of open discussion about what that UX might look like. The, it's definitely a need that people have called out is important, that we should look into as soon as possible.
A
E
E
There were some concerns about how that work if you wanted to fork the registry, because, right now, the registry design is such that you can take, the index is stored in a git repository, that GitHub repo, you can set up your own registry very easily, but the pack publish buildpack command would not work. So what I updated this to include was four different mechanisms for publishing buildpack, just based on flags that are passed to publish buildpack.
E
The default is still what I described, and it is sort of a special case, but I'm saying that we will actually check the registry URL that's being used, and if it does not match the official registry, this won't work. It'll give you a message on how you should publish or something along those lines, so we're saying very much a special case for the official registry in the future.
E
This would mean that we would need to run like a little proxy that received this request and then transformed it for the official buildpack registry and then transformed it into the API call to create the GitHub issue. So there is a little bit of like on-call burden, so to speak, for it, but this wouldn't necessarily be on the critical path. You could always go in to GitHub and just create the issue yourself or use the other.
E
A
E
I'm not sure, possibly, there's like a redirect thing. We could not because I don't know how to be off, yeah, it, I don't know if there's any way around that, if we want this to also work with generic registry, right, like if I am a Kimiko and I like want to set up my own registry and I want pack publish buildpack to work with it.
E
I'll come, we'll come back to that, because I think there's a lot to discuss there. The third one, I'm not sure how I feel about, is like native, where it actually commits to the local git repository and then does a git push. This would not work. This would like, by definition, fail with the official registry, but this seems like something that would be very useful for people that want to maintain their own registry.
D
Where you defined, like, your registry in the configuration file, if you could add the different endpoints, like the definition of what the registry looks like, right, and you could add the endpoint or the read URL, the write URL, and, you know, maybe the type, where it's like GitHub, and then it could. Just, you know, kind of going back to a modular implementation that we talked about where, if it's the GitHub type, we know exactly how to use that, make that API request using the token, and then that way there is no.
E
E
E
C
D
Ahead here, I was gonna say, I think we should take it into consideration, but at the same time that maybe we should make sure that we stay within scope, because nobody's really asking for that, right. We just want to make sure that we take it into consideration to propose the solution, but not as necessarily think of every single detail within those implementations. I.
C
E
C
B
E
Right now is not boxing out. The I want to stand up my own registry of AIDS, and so I don't even care about implementing the other mechanisms as much as implementing this first one where it opens in the browser and then leaving space develop those other things in the future as like that need comes along, where people actually want to stand up their own registry and can't just do their own git push or whatever.
A
Think that make sense. I think having the official one and then, as long as we have the workaround of doing like local commits, like you can still stand up here in registry, you might have to write your own GitHub Actions to do some of the things that we're doing. But as long as you're publish buildpack can create local commits, and I feel like that's probably good enough to start with.
E
A
E
A
Don't have a problem with it being specific to the project's one, it just seems like it doesn't necessarily have to be, if we're willing to say like, oh yeah, you can put something else in config.toml and it'll work with that, assuming you run the special version of our GitHub repo and install all these actions. You know, but that's not, you know, creating your own, because actions are part of the source configuration from the registry. If you used actions in there, you could make a template registry.
A
B
I mean, I guess I am a little, I have some reservations of tying everything to GitHub, not like our specific registry, but just like standing up a mirror registry requires you to, obviously doesn't like require you to, because you can work around it at the end of day. But if everything we do is centered around GitHub, I feel like that cement block or first or metal browsers.
A
I think the direct push workflow, not the one that requires a token, but the one where you, you know, it's your authenticate. It you have some permission to push to the repo might be suitable for those private registry. Like, what we're creating here is a public registry authenticated using GitHub, right, so it's gonna be tied to GitHub for some of those workflows, but the later workflow, where you can just push the commits directly, seems like it would cover a lot of those enterprise situations.
B
Prior that every other language ecosystem does is they'd stand up a service, because then the API is to, like, you get to control what the API is, and I think the kind of catching point is that we don't want to operate it and run a service, and so like we're kind of trying to pull together stuff. We're, like you, don't know what to, for instance, in for someone to stand, French you'd be like well.
D
B
How does the Rust tooling allow you to you late, a private registry without all of this other stuff? I mean, you stand up, running your own registry is like really running the service, right, so you run a service that has a git repo that backs it, right, but the service has a predefined API that cargo interfaces with, right. I think this is how like pretty much almost every language ecosystem does it. It's like, you have some API that you can define and therefore is now standardized across, because, whereas we're trying to kind of not get.
E
B
C
B
C
E
E
And that would be ideal for me, because that's kind of the part that we're struggling with and it's sugar blocking moving forward on implementation.
C
D
C
D
E
True, it was, it was the just using the GitHub API and going to bike directly rather than through the janky service. Boxing thing or whatever, yeah, I mean it's still worth trying to do that. I'm just not sure how to fit that in without, like, sort of boxing out a more generic like HTTP POST thing that any service to implement. I don't wanna have to like be tied to the GitHub API for the rest of time. Yeah.
D
E
B
E
B
B
A
This is kind of similar to, we had someone from Tilt give a demo of buildpacks with Tilt, I think was last week. The be interesting to compare those two approaches and try to come up with the generic been develop. That kind of satisfies everybody's needs. I think, Forest, you were looking into that a little bit. We had a chat this morning about it. I guess you don't have much to share here yet, but the, it's definitely something that's being actively looked into. Yeah.