►
From YouTube: 2023-07-11 Delivery:Orchestration demo - EMEA/AMER
Description
Featuring a demo of a possible solution to use an MR to sync repos following security releases
A
Okay
welcome,
so
this
is
the
11th
of
July.
This
is
our
email,
India
America's
timed
orchestration
demo
and
we've
got
Alessia
article
not
showing
another
live
stream,
but
only
because
it's
got
video
well
internet
troubles,
so
videos
are
off
also
I
want
to
just
mention
as
well
that
we
only
have
one
more
demo
of
this
time
start
in
this
quarter.
So
let's
keep
that
in
mind
as
well
as
we
sort
of
plan
actions
and
think
about
next
steps.
B
B
B
B
So
what
are
we
looking
at
here?
So
what
we
are
looking
at
is
first,
there
is
a
merge
request,
a
real
getlab
merge
request,
which
is
this
one.
This
should
be
in
the
screen
right
now,
which
is
quite
simple
in
terms
of
changes,
but
it
basically
what
it's
doing
is
is
introducing
the
ability
to
change
the
shape
of
the
gitlab
pipeline.
B
It
has
the
guarantee
that
everything
in
those
branches
have
been
reviewed
by
upsec,
maintainers
and
everything,
because
we
are
talking
about
things
that
are
already
in
get
the
club,
so
we're
nothing
talking
about
someone
contributing
something
from
a
fork
or
from
a
feature
branch
and
asking
to
be
merged
in,
but
we
are
really
identifying
a
very
specific
thing,
something
that
is
on
security,
mustard,
that
wants
to
get
into
canonical
master
and
because
both
branches
have
cannot
be
pushed
onto.
They
just
go
through
the
merge
request,
code
owners,
approval
and
everything
we
are.
B
We
have
very
high
standard
on
what
is
on
those
branches.
That's
the
point
Okay.
So
if
these
conditions
are
met,
so
this
is
emerging-
is
coming
from
Master
branch
on
security
that
wants
to
merge
into
the
master
branch
of
gitlab,
then
we
can
play
this
little
game
down
here
and
say
we
are
including
this
skip
yamo,
which
is
something
it's
it's
it's
a
yamo
ci-fi
that
is
already
in
the
Pro
that
is
designed
to
have
a
green
pipeline.
That
does
nothing.
B
It
basically
prints
out
a
message
and
we
are
into
including
this
only
in
this
case
and
if
it's
not
a
security
canonical
sync,
we
are
not
including
the
regular
pipelines.
So
this,
basically
this
acts
at
the
very
top
level
of
what
defines
the
the
the
overall
merge.
Github
CI
yaml
file,
we're
just
changing
the
inclusion,
we're
removing
everything,
and
only
including
a
special
file
that
that
does
this
no
operational,
no
operation
job.
So,
as
we
can
see
here,
this
merge
request
here,
which
is
a
regular
merge
request,
has
all
the
regular
long
pipelines.
B
So
all
the
jobs
are
here,
but
then
we
are
testing
this
here.
So
that's
the
basically
in
order
to
test
I,
had
to
change
the
behavior
and
removing
the
CI
default
branch
and
putting
a
feature
Branch
here
so
that
I'm
can
I
can
test
this
and
show
the
end
result
without
having
my
change
merged.
So,
basically,
now
that
I've
shown
this.
If
we
go
into
the
overview
you,
what
we
see
here
is
loading.
So
basically,
this
is
a
cro
across
project
merge
request.
B
B
A
B
B
This
has
some
advantages
and
some
disadvantages
that
are
interesting
to
to
discuss
because
it
it
scales
with
a
number
of
changes,
because,
basically,
the
merge
is
being
performed
by
GitHub
itself
and
that's
good.
It
also
has
another
I
call
it
benefit,
which
is
even
though
it
may
not
merge
immediately.
For
other
reason,
it
already
exposes
the
content
of
the
security
releases,
because
anyone
that
now
can
go
on
that
merge,
request
and
see
the
changes
that
are
coming
through.
B
Basically,
what
we
are
doing
is
we
are
leaking
the
security
release
with
that
step,
which
is
actually
what
we
want
to
do,
because
we
want
to
close
the
security
release
by
merging.
So
that's
good
as
well.
It's
okay!
There
is
the
problem
of
the
code
owners
and
approving
that
thing,
which
is
a
problem.
I
mean
it
can
be
overcome
by
having
a
Bots
that
can
approve
everything,
which
is
something
compliance
will
not
like,
but
at
the
same
time
compliance
don't
like
having
a
body
that
can
push
the
master
so.
A
B
Yeah
and
I
wanted
to
point
out
final
benefits
that
I
realized
when
I
was
working
on
this,
which
is
in
case
of
a
conflict
of
something
that
breaks
so
it.
Let's
say
it
can't
merge,
because
there
is
a
conflict,
so
this
will
clearly
show
up
in
the
UI
that
there
is
a
conflict.
But
the
nice
thing
about
this
is
that
the
regular
security
merge
drain
process
will
fix
the
problem
itself.
B
So
what
what
I
want
to
say
here
is
this
so
because
this
is
a
merge
request
if
the
source
Branch
so
security,
Master
advances,
then
the
merger
request
refresh
itself.
So,
basically,
if
there
is
a
conflict,
the
solution
to
the
conflict
is
doing
the
reversal
merge.
So
you
want
to
incorporate
canonical
into
security,
fix
the
merge,
and
this
will
also
sync
at
the
end.
B
Basically,
because
basically,
the
the
regular
merging
process
will
keep
running
will
identify
the
the
merge
conflict
will
open
the
merge
request,
the
way
we
are
doing
today
or
if
we
can
improve
it,
the
better
and
then
as
soon
as
that
thing
get
merged
into
security
Master.
This
merger
request
will
auto
update
if
we
were
able
to
have
it
pre-approved
and
set
as
merge
one
pipeline
succeed
or
something
like
that.
It
will
just
merge
itself.
It
will
rerun
seven
seconds
and
done
it's.
It's
closed.
B
No,
we
are,
there
are
two
problems
here.
One
is
that
there
is
a
blanket
approver
for
almost
everything
and
I
think
we
are
not
there,
but
that's
not
a
problem.
The
thing,
though,
is
that
there
are
special
files
that
require
special
approvals,
one
being
code
owners
itself.
Another
one
is
I,
think
the
the
Italy
version
file,
so
it
is
possible
and
that
this
is
what
happened.
C
Yeah
I
think
dissolution
scales
better.
When
it
comes
to
the
git
traffic,
it
removes
the
requirement
of
us
trying
to
find
a
window
in
which
no
one
is
pushing
to
master,
because
it
is
creating
a
merge
request
and
it
removes
the
necessity
from
pushing
directly
to
master
so
I
do
think.
This
is
a
long-term
solution
that
could
be
implemented.
A
Do
we
have
any
problems
unjust,
going
into
the
Mr
I
know
on
one
of
the
generated
Mrs
that
we
had
sort
of
some
months
ago?
We
had
too
many
changes
in
the
security
like
repo
that
we
needed
to
sync
back
and
we
had
those
split
over
different
Mrs,
but
I
don't
know
enough
about
how
that
got
generated,
but
is
that
going
to
be
a
possible
problem
on
this.
C
So
this
one
should
only
include
the
security
changes
and,
depending
on
the
security
release
size,
the
changes
might
be
large
or
maybe
considerable,
smaller,
but
yeah
I.
Think
if
we
want
to
implement
this
I
think
we
should
test
it,
at
least
at
the
very
least,
and
also
I,
like
the
idea
of
having
just
one
job
for
the
merge
request,
because
technically
it
has
been
approved
from
security.
C
B
Yeah
I
mean
because
we
merge
locally
and
we
push
right.
So
basically,
the
pipeline
runs
after
which
changes
already
on
master,
and
so
this
would
be
the
same
thing
actually
exactly
the
same
thing.
So
the
the
pipeline
itself
will
not
have
the
pipeline
and
then
like
Midland
lands
on
master
and
we'll
have
its
full
pipeline.
A
But
just
to
come
back
on
that
limits
thing
like.
Are
we
like,
if
we,
if
we
did,
have
a
big
I,
I
I?
What
I
can't
remember
if
anyone
knows
about
that
case
that
we
had
a
few
months
ago,
where
we
had
more
changes
than
could
go
on
a
single
Mr
Right?
Would
there
be
a
limit
to
how
many
things
could
be
synced
in
this
one
Emma.
C
So
are
you
talking
about?
We
have
too
many
changes
to
feed
in
our
chocolates
yeah
I.
Don't
think
there
is
a
problem.
I
have
seen
merch
requests
with
a
lot
of
changes
when
I
review
them,
like
40,
55s
change,
with
thousands
of
lines
being
introduced
and
the
interface
of
the
merger
Quest
is
a
bit
slow,
because
merge
requests
cannot
handle
a
lot
of
file
changes
like
when
loading
the
merge
requests,
the
files
start
to
be
collapsed
and
the
page
takes
a
bit
to
load.
A
B
But
also
this
is
more.
This
is
because
this
is
moving
security
into
canonical,
so
it's
only
the
concept
of
the
security
release,
while
what
we
do,
which
is
when
we
have
a
conflict,
is
the
opposite
which
is
bigger.
We
have
everything
on
canonical
that
goes
into
security
and
those
mergers
just
they
work
they,
the
the
UI,
can
be
slowed.
That's
true
also
here
we're
not
planning
to
interact
with
the
UI,
because
it
this
is
kind
of
designed
to
just
go
through
by
himself
right.
A
B
I
mean
this
can
be
created
by
the
the
finalized
pipeline
in
release
tools,
because
it's
just
it's
a
single
API
call
to
create,
and
then
it
could
be.
Another
couple
of
API
calls
to
approve
it
and
set
as
merge
when
pipeline
succeed.
It's
just
a
matter
of
the
code
owner's
things.
That's
that's
the
real
problem.
C
A
B
A
Then
what
we
can
perhaps
do
is
is
try
and
get
that
piece
figured
out,
and
then
that
gives
us
a
choice
of
for
the
next
security
release.
We
either
do
the
merge
train
as
we
did
this
time
or
we
switch
that
out
and
try
with
this
Mr
and
then
perhaps
once
we've
tested
both
of
them,
we
can
actually
decide
what
makes
sense
for
next
steps
if,
if
any,
are
needed,.
B
So
it
makes
sense.
I
want
I,
also
wanted
to
say
that
probably
we
can
still
move
forward
with
my
merge
request
and
see
what
engineering
productivity
thinks
about
it,
because
we
we
don't
do
that
type
of
merge
request
in
any
case
right,
so
we
don't
do
Pros,
so
it
will
just
stay
there
and
in
case
we
want
to
use
it.
A
C
Yeah
so
I
finally
started
but
I
talked
with
Steve
and
the
next
step
was
to
actually
automate
the
inclusion
of
the
merge
train
because
we
have
it
a
bit
manual
about.
Let's
have
the
release
manager
to
trigger
a
pipeline,
and
if
this
one
fails,
let's
have
to
trigger
it
again.
So
we
wanted
to
automate
those
tiny
bits.
C
I
haven't
started,
but
if
the
plan
is
to
search
for
a
solution
and
test
a
solution
that
could
replace
this,
then
it
might
not
make
more
sense
to
for
me
to
spend
time
automating
this.
So
perhaps
we
should
focus
on
see
if
this
works
and
test
it
on
an
executed
release,
and
if
we
decide
that
okay,
this
is
a
better
solution
than
a
more
scalable
one
than
the
merge
train.
Let's
focus
on
this,
instead
of
the
merge
train.
A
B
C
A
Agreed
agreed
I
can
I
can
connect
you
to
the
people
that
we've
been
talking
to
about
the
other
bot
stuff.
Because
for
me,
this
all
kind
of
hinges
under
we
have
things
that
have
to
be
able
to
be
approved
and
merged
by
Bots,
which
isn't
great
from
a
compliance
perspective,
but
I
hope
we
can
find
a
compliance
compatible
approach,
which
kind
of
has
this
two
pieces
to
it?
One
is
who
has
access
to
the
bot
credentials
so
it
when
you
set
this.
B
C
C
A
C
A
B
So
I
hope
that
I'm
coming
through
now,
yeah
so
looks
like
you're
looking
at
me
at
the
screen.
So
I'm
talking-
and
you
hear
me
so
the
that,
from
a
compliance
perspective,
if
they
are
willing
to
implement
all
the
things
ability
either
to
API
or
whatever
they
want.
The
thing
that
we
are
proposing
here,
as
well
as
what
we
are
doing
with
the
guitar
version
bump
is
easier
to
identify.
B
So
if
even
if
the
bot
is
shared,
but
that
bot
is
designed
to
only
approve
Mercury
was
coming
from
security
Master
into
security
canonical,
they
could
probably
see.
Did
this
bot
approve
something
that
was
not
meant
to
be
approved
because
I
mean
there's
not
there's
nothing
in
the
future
in
the
product
itself
that
allow
them
to
limit
the
approval,
the
use
case,
but
then
can
be
audited
right.
So
it's
still
better
than
nothing.
Yeah.
A
B
Actually,
I
I
keep
cons
on
the
same
idea.
Recently
I
did
a
contribution
into
the
triage
op
reactive
software,
which
is
basically
the
thing
that
when
we
do
something
on
a
merge
request,
it
automatically
comment
or
do
stuff,
because
when
I
was
testing,
this
I
found
a
bug
which
basically
was
called
the
by
the
bot
because
I've
merged
something
without
running
the
pipeline.
I've.
B
One
yeah,
but
it
was
but
wasn't
running
on
Masters.
So
that's,
basically
my
thing
was
doing
on
official
Branch
into
another
official
branch,
and
so
I
got
scolded
and
I
didn't
like
so
I
ended,
I
went
there
and
fixed
the
the
automation,
but
actually
it
it
is
really
interesting
how
it
works,
because,
basically
it
can
react
to
things
like
approval,
so
maybe
to
make
compliance
happy,
we
can
interact.
We
can
make
something
in
that
in
that
software.
That
say,
if
this
bot
is
approved,
moving
something
and
this
something
is
not
what
what
we
want.
B
The
brought
to
approve,
remove
the
approval
or
just
I,
don't
know
if
they
both
can
remove
the
approval,
but
do
something
like
just
prevent
the
merge
from
happening,
because,
even
if
it
happens,
our
discussion
items
that
is
unresolved.
This
is
already
enough
to
to
stop
the
approval
and
I
think,
because
that
that
software
runs
with
gitlab
bot,
it
can
even
remove
the
approval,
because
it's
just
removing
it.
A
Oh
okay,
so
just
on
a
few,
so
a
few
of
the
actions
I've
just
jotted
down,
whilst
you're
talking
through
there
so
Myra,
yes,
agree,
pause
on
your
work
on
19458
I
have
also
just
seen
that
on
the
Epic
we
actually
do
have
another
issue
about
using
an
MR
for
this
syncing
lseo.
So
I've
just
dropped
you
a
an
action
there
for
B
for
4B
to
just
consider.
Are
they
the
same?
Maybe
we
can
close
one
of
those
out.
A
A
A
C
A
C
A
C
B
C
A
No
okay,
Myra
for
you
as
well.
There
are
Leslie
I
left
a
comment
on
the
LKR
issue,
so
I
didn't
want
to
bring
it
up
too
much
on
this
demo,
because
I'm,
assuming
you
haven't,
had
a
chance
to
read
through
it
yet
so
have
let's
take
that
async
and
if
we
need
to
grab
some
time
to
discuss
things,
then
we
can
just
pop
in
and
ad
hoc
sync.