Add a meeting Rate this page

A

Hello thanks.

A

So, let's give five minutes for people to join and, as usual, oh ramen welcome back we've been expecting you.

B

Good morning and good evening and good afternoon to everybody, thank you good morning.

A

To you, let me share my screen. I hope I can manage.

A

That.

A

Okay, you can see the high cambridge document. I hope I always fail with this thing.

A

Yeah.

C

So.

A

Please uh record your attendance as usual. Well, you know who joined.

A

Us.

A

We have a bit light agenda today so, but we can discuss any topic. You want to bring up.

A

So how have you been ramen since we last talked? I think it was before new year's break or something you were in one of the meetings.

B

Oh well, um it's just been a very challenging year, yeah and just lots of things going on and um uh just been very, very busy. So I've kind of missed you guys yeah.

A

The same we missed you as well, so you know I've been spamming your time to time, so it seems it worked.

A

So we can start with the agenda and then others join on the way. As I mentioned, it's a bit light agenda today.

A

The first action item is as usual. The first agenda item is usual. Action item reveal, then we will congratulate uh events, work stream becoming sick, and I mean you may have missed this, so we will have chance to update you about what happens with the uh events work stream. We have been having within the sick, so I see emil here.

A

Maybe he can provide an update when we come to the topic and then a quick chat on policy driven, ci cd, which we started talking about during the last meeting, and we had some uh action items on that which I failed to do my action item which caused others to fail with direction items as well, and then I touch on standardized metadata and then that's all agenda items we have so the action item review.

A

So the first action item is on dave together with steve, to welcome artifact metadata and, let's see if uh any of them joins the meeting. So we can ask if they have done any updates, welcome, tracy and christy. We are just starting.

A

So we keep the first action item open on dave and steve and while we are on the topic, I am keeping quiet ramen. I won't ask the question, but you know what I am going to ask or what I want to ask.

A

No pressure.

A

Okay, the next action item is on steve and trace reagan to bring or tell us standardized metadata example. So I don't see uh both steve and tracy. So we keep that action item open and the next action items on utracy.

A

uh I think I don't remember did we say we should close the section item and then, when you uh invite dina graves portland to either to this meeting or end user console and then we do it that way.

D

uh You can leave it open, I'm actually syncing with dina tomorrow, so um yeah. I should be able to hit her up and see what options we have.

A

Okay, then I keep it open and then we ask you again the next time I made it. Okay.

A

The next action item is on me to create a new document to start to work on policy driven ci cd, which I did, but I forgotten to send a mail to mail list. So I will do that after the meeting, because we have some action items on andrea to bring how techton approaches policy topic under the term conditions.

A

So he can contribute that part and then I believe uh yeah tracy ragan, to include policy related information from all telus and deploy hub to that document as well, which they haven't been able to do that because of me missing, sending the mail same as andrea. So I keep all those action items open and then finally, yeah, I contacted trace reagan about possible policy presentation for cdf meet up. So I can close the section item.

A

We are not that bad. We are closing items time time, so that was all action items. uh I just realized one topic uh which I can add here the white paper, because I need to get some guidance from all of you about that.

A

So the next topic is, you went sick, andrea emil. You want to talk about this and the latest news.

E

Sure be good, as you all know, I guess we had have had a work stream within this big interoperability to discuss eiffel to oh sorry, for the influence, but but events in general in cicd and during the autumn we have actually got some more interest. We have attracted somehow attracted more and more people and the the question was raised to us was it in november. I believe if we shouldn't become a sig of our own.

E

Maybe it was in december, so we made a proposal around christmas. I believe it was and then or maybe just after and this tuesday we were granted to become a sick, and that's very good news, we're very happy for that. Of course, our sponsor would be isaac moscara from armory.

E

That's also great me and andrea will join we'll meet with him tomorrow to discuss how to get started and how to set up the sig and so on.

E

So yeah we're looking forward to to starting off now being a sig, and we hope we can be even more active and make make more progress in the work we want to do. We have several tracks.

E

We want to to pursue, for example, we we want to set the vocabulary on the data for this event that we want to to standardize on, and we also want to to make some simple implementations based on this, this event protocol that we intend to to create, so we will have real tasks for for multiple persons to do to join us and help us with, um and we have yeah. As I said, we have attracted people from all over. So it's it's looking good. I think so far.

E

Yeah.

D

Congratulations emil. I I wanted to bring up as well. We want to help do an announcement uh around the sig. Is it just a way to promote it and uh encourage people to to engage, and one idea we had was that if we could get quotes from various members of the sig, um that could help kind of tell the story rather than us, just writing it.

D

So, let's say yourself as co-chair talking about the problem space, uh someone else talking about like the relationship to the cloud events and then maybe fati you could uh provide something that says how it um was a spin-off from the interoperability group and that's kind of part of the the mission of that group to help drive these initiatives.

A

Let me action that, since we are taking this action item in this meeting, I will add emil, andrea and others who want to. You know, uh give the quotes, and then you can follow this up in your work stream as well. uh Yeah.

D

When is your next meeting? Okay,.

E

uh Monday, a week and a half a week are.

D

We gonna have.

E

Is it the month, ninth or march, whatever it is no first or more chase? Yes, okay,.

D

I'll go ahead and tag folks in the in the announcement, um so you can start working on things and um and then maybe on the first of march, we can tie it all together.

F

And just uh so everybody knows we did do a cdf meetup yesterday and andy grabner um did a demo of kept in and before that we announced um the uh this new sig. It's just yeah great. So we started the conversation and if somebody does do a blog I'll, I'm gonna I'll, I will um it's being uploaded to the uh to the youtube channel under the playlist for cdf meetups. So you may want to link to that. It was a very interesting.

F

um You know andy's really good at expressing this stuff, and it was a really good demo of what events are.

A

uh Tracy, do you have a link to that recording I I can add that to meeting minister as well. If you can find as.

F

We speak as we speak, um it's being uploaded.

A

Okay, I just got.

F

I will before this is over. I should have a um a link for you.

A

Okay: okay, thanks.

D

Especially reagan in that meeting did did he talk about um like the cloud events and kind of the relationship there.

F

He focused on the cd pipeline, I'm not sure what you mean by cloud events in particular, but he talked about the control plane. He talked about the different events he talked about. You know what they call their shipyard and you know kind of protocols that we should probably be thinking about in the events working group- okay, great so.

C

He did a brain dump.

F

Of everything that they've sort of thought about and done with, captain.

E

But I think also the captain events are actually based on cloud events. If I don't remember.

D

Yeah yeah, I.

E

Think it's.

D

I just wanted something about the mapping that, like it's based on cloud events, and this is how it maps to to abstract cd systems I'll go check it out.

A

Okay, another comments, questions to the johns right based on the names I see here like it's great, to see. Multiple projects like I don't know- if I should say representative rightly, is taking part in the conversation within the siege. So it's like. I see andrea, tecton, emil, eiffel andreas captain, cameron spinnaker.

A

So it's I think it's really great start. So, congratulations again, emil, andrea mcs! All of you for getting this even more! You know attractive.

A

I hope you don't stop joining us. You know we have lots of common things to you know, continue working.

E

Sure, okay, you might not be as frequent, but you of course you will be represented. I would say good.

A

So that's uh iran's sick and the next topic is policy driven ci cd. Let me quickly open the slides, which was uploaded to cdf presentations repository, I'm not going to go through all the slides just to highlight one of the slides yeah it's here. So this was kind of nice topic for our siege.

A

It wasn't a new topic in cic domain, as we discussed during the previous meeting, I tried to highlight some of the challenges specific to policy and how those challenges may relate to cic domain when multiple ci cd technologies are in use and their approach to policy, even what they name policy within their projects are different, like in tecton case again, christie, andrea, correct me. If I'm mistaken here, you call them conditions in spinnaker. They are called policy. I think in jenkins.

A

Again it's called policy, and apart from the ci technologies, there are external systems that could be involved in like steering how the cicd pipeline should enforce policies or governance in general and based on that conversation, we start this hack, md document.

A

As I noted before uh you tracy reagan, you joined, I missed sending this document link on mail list, so the idea is to do something similar to like what we did with events and standardized metadata to collect the different approaches to policy from different communities, jenkins, spinnaker, techton or telus, and deploy hub four and see how they map to each other even on terminology context and then see.

A

What we can do to you know help end users, because this is a critical topic for all the different types of businesses: industries, either heavily regulated like finance, telecommunications, health or even for startups.

A

And now I stopped talking and if anyone wants to add anything on this topic.

G

um I have some questions I it feels like there are a couple different ways that this could play out. um I missed the previous talk, the previous meeting, where we talked about policy driven cd but, like I feel like this could be like one very cool way that this could happen. Is um you identified like policy frameworks? You could potentially express policies about your entire cd pipeline in these frameworks and then have those translate into um something in tecton or something in any of these.

G

Others is that kind of the direction that this conversation is going or is this more about um just integrating into the existing, like tecton pipelines like how you would um uh verify that a policy is being followed or like what? What because it feels like there's kind of like a very wide range of directions. We could go.

A

Yeah, exactly, I think, tracy you trace reagan. You brought this topic to end. Users are not end users best practice, so there are like multiple different angles. This you know topic could be worked on or studied or researched. Like one angle is like pure interoperability, how you can you know, define your policies like policy as code and then how those policies could be consumed by different cic technologies like tecton, spinock and so on.

A

That is like you can see it like interoperability issue, because all these uh technologies handle policy differently or consume the policy differently, and the other aspect could be more best. Practice angle, like okay policy or governance, is a challenge for organizations how best to you know ensure you keep this under control without blocking the developers delivering latest changes to production, and there may be other angles as well.

F

Yes- and I actually brought this up in the events um this, our our meetup um and I did uh shamelessly- promote you fatisa, I hope you're so good for march um to talk about policies, but you know I indicated that policies may be the guard rails for events um there. There may be a convergence between the two.

A

Yeah yeah yeah again I see, I is it uh christie. Are you typing that or andrea again, like webcast is one way.

C

That's me.

A

Yeah events is the other way like consuming those uh policies like the race could be different, depending on like what organizations employ for their pipelines.

A

And the other angle tracy miranda this time I remember we have the governance as the topic in end user console for the fourth quarter.

A

So one of the reasons why I want to highlight this during the previous meeting is perhaps if we could start working on this topic now, we could have some input for what end user will and user console will be doing q4. So we'll be more, you know collaborating with the end users better with like these are our findings, how the communities approach these things, how the organizations apply these things as best practices and so on.

D

Yeah, no, I think, that's a great idea, uh definitely plus one.

A

Okay, uh ramen uh sorry to pull you in, but uh any input to a policy topic from your site.

B

Well, um yeah, the um on at ebay. um We've approached the policy side of things from a more of a badge system where we're trying to make sure that, as as the manifest for a particular release is being is moving from environment to environment and the ultimate goal is to reach production.

B

That they achieve certain things along the way. Those things are things like making sure that a project or an application has a continuous delivery pipeline defined and the let's say the build unit tests, integration, tests, security scans. All of those things are getting done as part of that automated pipeline and not manually, because all of those things are achievable in a manual way, but we don't want developers doing that manually.

B

So all of these things that I just mentioned basically become badges that a manifest of an application. That's a candidate for release receives along the way. uh For example, it went when they when they finished their unit tests. The unit tests are reported to a central uh policy unit or testing policy um system. That system takes the the manifest id it it provides. It basically awards a badge that says your unit tests pass. So you now get this unit test badge and as they go through the pipeline and they do their integration tests.

B

They report those results, then that that system says okay, your integration tests pass you. You are now awarded an immigration test badge uh and so on and so forth, and by the time they let's say they are ready to deploy to the staging environment.

B

The staging environment has a certain set of badges that it requires for a manifest to have before it can get deployed. If the manifest has not achieved those badges.

B

Well guess what the staging environment machinery denies deployment of that of that manifest it's it's kind of a you. You know you get things done uh as per the company policy for deployments into various environments and if you have done them, you've received those badges at the time of deployment, uh because that's the ultimate, that's you know by the time you you you've deployed to three different environments. It's there's a feature environment.

B

There is the staging environment and then there's the pre-production and production environments that we have and uh each one of those has a set of badges that a manifest is supposed to have.

B

So that's how we've approached uh policy driven deployments at ebay.

A

Yeah, I think, like, uh as you see on this pipeline diagram, like I also have like stamps or badges based on the you know, the policy input provided by whatever system, either the pipeline technology or so yeah. It's like gates like if you don't conform to this policy, your stuff is not going to end up on staging or production or whatever environment. You may have.

B

That's exactly right, the gate actually is the gate. Is the deployment to a particular environment? That's the gate and then uh so that the manifest is not allowed to deploy to a particular environment unless it has achieved a certain sort of requirements and those requirements, uh the the achievement of the requirements are indicated by the badges that have been given to the manifest. So it's just a matter of how you think about um whether or not the requirement for a particular release has been met.

B

We decided to go with it with a badging system, I'm sure there's other ways to skin that cat. But this is how we went.

E

That very much sounds like the use cases we have in erickson as well, where we we call them confidence, levels or maturity, level levels, and we actually notify those using events instead, so we can actually we trigger the actual deployments or any of those based on these events. Instead, instead of the deployment system searching for batches or whatever that are set on certain delivery or whatever the events themselves actually trigger them than the the deployment so the next step of the yeah, the deployment pipeline or whatever you want to call it a production pipeline.

E

uh So so we have what is so. We say that the same use case. We have to call it something less, uh maybe slightly differently, but but it's the same thing. I would say very interesting to hear.

F

Yeah, so when I think about events, I think about how we built, you know, put those guardrails around it and you just described: what's you know kind of floating around in the back of my mind, how that would look. So thank you for that.

B

Yeah and by the way uh there are also as as badges are awarded by the central authority.

B

Though that same authority also produces events that says a particular badge was awarded to this system, and then other systems can subscribe to those events and do things if they need to, but uh so the the event system is part and parcel of this badging mechanism.

E

That's great interesting.

A

I I want to ask uh about this regulation type of stuff like again going back to my comfort zone like, for example, telecom uh space or like health or finance, like I'm wondering if you can uh find uh other this type of heavily regulated like users, uh maybe tracy, I think we have uh some participants in end user console coming from finance because, like the block list or privilege or that type of scans, I think everybody is doing it one way or the other.

A

So I'm sure we can come up with a pretty good list on that end of the pipeline. But this and may be valuable for that type of users as well.

A

I don't know if anyone is speaking, I.

F

I'm thinking.

A

Okay,.

F

It's.

A

Very difficult to find you know who is muted and who is not, but just an idea.

F

Yes and since I'm not sharing my screen, you didn't see me going.

F

How do I answer that question? I I was assuming you're asking me, maybe you're asking tracy m.

A

Yeah both of the both of you just you know because, like uh I, I forgotten the name uh we have been talking about the you know finance industry stuff. So if you remind me.

D

Yes, sorry I was, I was eating. I have to confess.

D

Yeah, I think the regulation thing will be good as it sounds. We are kind of talking very actively with the the finnops foundation, no sorry finos, so the financial sector um and I'm gonna go uh jump in on some of their like they have a devops like a devops mutualization, which I think um has some of these concerns.

D

um So I'm gonna go along and and try and see if this is relevant to them. So I I can highlight that and see if we've got any takers on the the regulation topic to to help us shape that out.

A

So now we talked about the user aspects. Now we have the projects again, thanks uh christian someone puts pinnacle, link there as well. So jeremy, do you have uh anything in zuul, for this type of you know use case.

H

There's no use case for what specific.

A

Policy enforcement or conditionals or I don't know- maybe you are using a different word or term for this.

H

um I mean.

H

Basically, it's it's focused around definition of jobs, um the the jobs are generally user defined, but I I guess from a policy enforcement perspective, we do have the concept that, because configuration in the system is distributed across, potentially all of the get repositories that the system knows about.

H

It does have a particular means of um centralizing configuration for things that the operators um you know want to uh to basically not put in the hands of the people who control the individual repositories, and so um you, you can certainly define jobs which can which are immutable, can't be changed um in the the individual repositories can only be managed in what it refers to as trusted configuration repositories and, and that can include which pipelines in which projects get those jobs added.

H

So you can effectively require that specific jobs are run um on specific events for projects and the projects the people managing those projects are not allowed to override that central decision. I guess that's. That's.

D

Maybe.

H

The the closest we come to a policy enforcement concept.

A

Okay, so I added azul here uh now, I I want to ask question to like rameen, tracy uh emmy jeremy. Now this made me realize like because we are working on this dragon. This could be again a good collection of needs from users as well. So is it okay for you. I watched the recording of this meeting and reflect what you summarize to this document.

A

Are you fine with that, because I will be saying: ebay, ericsson and zul and to you.

H

Know.

A

Let me capture those, so we kind of see. Okay, the users are already doing this and they are doing this way and the projects or communities already supporting these in this way. So we can, you know, see the overlap between the approaches from different perspectives.

A

Let me action myself, so anyone else wants to add anything for policy topic.

A

Okay,.

A

I will be reaching out to uh cameron as well and maybe cara uh for jenkins and spinnaker input and tracy. I reckon you will already you already said you will add some orthelius deploy hopping for there. So.

D

I think.

A

Yeah, we will have good starting point for any further conversations.

A

So if that's all, I suggest we can move to the next topic, which is the standardized metadata. I don't see dave and steve here and dave said they had some changes in their their company, so that kept him busy with some other work. He wasn't able to add input to the document. Steve said he will have it artifact topic and we have some input there. I think mlu send a pr from eiffel point of view and trace reagan. You said you will bring some more tell us. Example there.

A

So whenever you can do it, that would be great. So we kind of go both metadata and policy topics in parallel, which one gets more attraction than we push with that forward.

A

You know, I want to say anything about the metadata topic.

A

Okay, I take that as no and then I want to come back to interpret white paper, because I noticed few things there when I was uh working on references topic.

A

So someone let me find the name.

A

Florian put some comments on some of the contributions from captain and some other comments. There looks like we missed them. At least I missed them so tracy miranda have you noticed his comments there and if we took his comments into consideration, while we are working with the uh creative team to finalize the format of the white paper.

D

Yes, so um just as an update, uh we did do another round of kind of looking at this. My expectation is that we are gonna kind of heavily edit it um to kind of summarize the key points or pull different um use cases into some of the like user use cases.

D

Examples in different sections, so um we'll take those comments into consideration and what I'll suggest is we get the draft version in pdf form of what the white paper will actually look like, and then we have everyone re-review that so expect things to get moved around, maybe summarized or some of the case studies cover two different things. Maybe those get split up um and then I think there were a few gaps like I.

D

um I noticed that I think I just saw that the spinnaker and jenkins.

F

Case study.

D

Went in so that's good because it was kind of seeming, a shame not to have that covered, and then the other thing was um talking a little bit more about the the tecton approach of building blocks. So I I did ask christy wilson.

D

Well, I I might pull some stuff from the website and then ask her to review it um just because we don't necessarily set out um the tacton approach, um and I think it's a it's a key part of this story.

D

The other aspect um that sort of came up when we were looking at it was okay. um Oh yeah! That's right, like pulling in some of the other initiatives from the group like, in particular the the rosetta stone, um whether that should be featured as um like in the earlier section, not necessarily case study, but we talk about trends and initiatives, so whether we should have a little summary of that effort as as part of kind of one of the stepping stones or the things that has to happen to to make this move forward.

A

Yeah we have a chapter here: tracy lack of shared common vocabulary. We haven't included, link to rosetta stone so.

D

Maybe what we could do is we could do a little box there. That says one way of tackling this has been um the the rosetta stone in here is here's a little. We could do maybe a little image of it and link out to to the to the main one, um but I I think I'd like to see that featured in this um because yeah, I think it's a good part of the the direction.

A

And that actually reminds me christie's, uh I think you are also working on tracy, like this uh cicd definitions, the work in progress. Maybe it could be like a hint for upcoming. You know work or ongoing work to you know describing those terms or history work, yeah, yeah, yeah,.

D

So we could mention the history as well. That's a great point: um yeah. Could you tag something comment there just so you remember that when I go back to this but um yeah, so I I think we can take more input and I think there's um we can kind of keep reworking it as we go.

D

um There's no like I'd love to get a version out regardless folks can review. But if folks want to keep tweaking things and commenting, let me know- and I think the other comment- the other thing I wanted to check with dave sudia. um I understand he's no longer with go spot check, so I just wanted to make sure uh he could either connect us with someone there for make sure it's it's kind of still an improved case study. We can feature.

C

Okay, let me comment that, as.

C

Well,.

A

I don't get, but so I add you, tracey, yeah,.

D

Tag me I'll I'll. I it's on my list to follow up with him anyway. As part of um this, this work.

A

Okay,.

A

So uh and I the question I had was the references like, uh like the referencing style, further reading company links like what should we include in references, I included the projects referred in different parts of the document, but should we go further than that like should we include company links or such things.

D

I would I wouldn't put down company links. um I would link to any articles or publications um that we reference, but I think that's a good starting point anyway.

A

Okay, so that comment is already there and the last question: I wonder if anyone knows florian ratbeger, I googled him and I got google, but I wasn't sure if he is affiliated with google. So if any of you know him, can you ping him? I asked him question here, but he hasn't responded yet.

D

Okay, so this is so we can add him to contributors.

A

List exactly so, I try to include everyone who contributed either directly or via comments, as contributors to you know, uh make sure we capture everyone contributed.

A

Okay,.

D

Was it cameron who put in the spinnaker.

A

They were three people. Let me find jennifer hooper james, bormann and cameron. They were cool all.

D

Of them.

A

In the contributors.

C

Nice.

A

So that was all the topics we had any other topic. Anyone wants to bring up.

D

Just a quick plug for cdcon call for papers; open uh love, love to have everyone here somewhere to talk.

F

Yeah the deadline's coming up too it's march 5th, it's just around the corner.

A

And the early bird deadline is tomorrow. If I am not mistaken,.

D

It is yes, if you want a chance to be one of five selected talks that we do some early promotion and acceptance to the program uh get get your submission in by tomorrow.

A

Yeah, I remember the date because I submitted one proposal, hoping that.

D

That's.

A

Him, okay, that line.

A

And is february 19., so everyone uh please submit talks if you want to be considered as part of early bird deadline. Tomorrow is the deadline otherwise march 5th? Is the deadline for final submissions, okay, anyone else.

A

Okay, then, I want to thank everyone for joining today as well, and the next meeting will be on march 4th. I hope it's not the time shifts. I think this summer time kicks in end of march, or I don't remember exactly when.

F

Oh, is it.

A

Yeah we are coming close to confusion phase. Oh.

F

My goodness, I hate that yeah.

A

But I think it's end of march or some somewhere there.

C

Yeah.

A

So we will need to you know shuffle things around. Maybe you know changing the meeting time whatever, but yeah. We will talk about that. One of during one of the upcoming meetings. I will ensure that I add the topic to the agenda for one of the upcoming meetings. So everyone knows there will be confusion.

F

Always is.

A

Yeah, but otherwise again thanks for joining and talk to you in two weeks again so having a have a nice day evening and weekend, thank.

C

You thanks betty. Thank you. Thank.

C

You.

C

You.

C

You.

C

You.

C

You.

C

You.

C

You.

C

You.

G

So.

G

You.

G

You.

G

You.

G

You.
youtube image
From YouTube: CDF - SIG Interoperability Meeting 2021-02-18

Description

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/