►
From YouTube: 2022 03 29 Jenkins Infra Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
so
hello,
everyone
welcome
to
the
jenkins
infrastructure
public
weekly
meeting.
We
are
the
29th
of
march
2022..
Today
we
have
mark
waite,
stefan
mel
timia,
comb
and
erveil-
remember
who
just
joined
and
damien
here
announcement.
A
A
B
Yeah
and
I
checked
it
just
minutes
ago-
damien
and
it's
90
minutes
into
its
two-hour
process.
So
I
see
nothing.
It's
it's
in
the
the
build
release
phase
so
about
30
minutes
from
now
it
should
apply
the
label
or
apply
the
tag,
push
etc.
So
I
I'm
not
overly
worried
about
it
and
if
you
want
you,
we
could
give
in
the
late
hour
of
the
day,
just
plan
that
I'll
run
the
release
checklist
after
it's
done
and
and
dot
the
eyes
and
cross
the
t's.
B
A
So,
let's
see
how
it's
behave,
another
announcement
that
what's
the
number
of
the
release
I
took,
it
was
2041
correct,
341.
A
A
Thanks
there
is
a
plugin
advisory
that
should
be
published
in
a
few
minutes.
If
it's
not
already
the
case,
I
haven't
seen
any
message.
So
it's
currently
running.
B
B
Let's
see,
we've
got
an
lts
coming
and
the
new
is
the
fonzo.
Is
the
release
lead
right?
I
don't
know
that
we
need
to
announce
that
there,
but
the
release
candidate,
so
the
2.332.1.2.
B
B
A
B
C
Yep,
so
that
is
something
that
jan
and
I
have
been
working
on
over
the
last
few
weeks
called
the
design
library.
C
C
Everything
that
it
needs
at
the
moment
is
released.
Well,
it's
getting
released
in
the
current
weekly
but
we'd
like
a
place
that
we
can
link
people
to
from
documentation
from
genesis
to
io
and
lay
in
the
meeting
list
and
whatnot
just
to
send
it
out
to
people
so
that
they
can
try
it
out
and
see
it
with
the
goal.
Eventually.
Hopefully,
that
creates
dye
would
do
that,
but
given
it
requires
the
latest
weekly
version
that
wouldn't
be
practical,
I
feel
like
we'll
get
a
much
better
uptake
in
usage.
C
If
we've
got
a
service
that
we
can
send
out.
C
So
there
was
two
ideas,
one
which
was
just
a
temporary
service
called
design
library.jinxdio,
which
is
just
a
jenkins
with
nothing
else
on
it
really
other
than
the
design
library.
And
then
there
was
another
one
that
mark
and
alex
had,
which
was
to
create
a
weekly.cra.js.io
which
just
runs
the
latest
weekly
publicly.
So
you
can
see
what
it
looks
like
and
I
don't
know
whether
it
would
run
jobs
or
just
have
some
example,
jobs
or
something
I
don't
know,
but
just
to
show
what
the
current
weekly
looks
like.
B
Yeah,
I've
tim-
I
I'm
impressed-
I
installed
it
just
this
morning
and
what
a
nice
piece
of
work
that
design
library
is.
I
I
I
think
we
do
want
to
put
weekly.
We
already
have
weekly
running
in
one
of
our
ci
servers
and
whether
it's
design,
library
and
we
accept
it's
temporary
or
or
we
do
something
a
little
more
permanent.
I
think
I
think
it's
healthy
for
the
organization
to
consider.
B
B
Only
design
never
well
so
I
might
ask
for
it
to
have
at
least
one
windows
agent
and
one
linux
agent,
just
so
that
it
could.
It
could
run
some
some
set
of
interesting
jobs,
but
other
than
that
I
agree.
It's
it's
very
light,
and-
and
maybe
it
doesn't
even
need
those
it
just
for
me
if
it's
got
a
access
to
a
windows
agent,
even
if
it's,
if
it's
purely
ephemeral.
B
A
Sorry,
that's
a
nice
idea,
since
we
already
have
infra
ci.
That
will
be
a
public
available
instance
of
steed
on
kubernetes
with
ephemeral
agents,
either
cuban
and
or
aws
machine.
As
for
now
does
it
sounds
good
for
you,
because
that
will
be
almost
the
same
configuration
as
infra
ti,
except
we
install
it
on
the
public
cluster
instead
of
private
yeah.
A
Yeah,
oh
stefan
arvey,
are
you
more
prone
to
a
temporary
instance
only
for
the
design
library
feature
and
then
we
dump
it
or
to
have
something
a
bit
more
permanent?
That
will
be
the
weekly
or
preview.
E
A
A
One
cpu
two
gigabyte,
if
you
go
under
that,
might
be
tricky
because
because
of
the
sidecar
and
the
way
plugins
are
loaded
going
under
is
yeah,
the
cost
difference
won't
be
that
much
the
cost
will
come
from
the
agents,
mostly.
B
A
B
A
A
C
A
A
Okay,
so
that's
as
soon
as
possible
and
then
tim
you
can
either
walk
with
us
to
edit,
but
yeah
the
the
first,
the
the
most
easier
we
can
take
it.
You
can
start
it
that
will
be
installing
a
new
release
on
the
front
public
gate.
C
A
Yeah,
let's
go
that
way
so
for
everyone,
the
first
person
that
has
free
time
and
wants
to
work
on
that
must
absolutely
think
about
allocating
the
issue
to
themselves.
So
the
other
know,
someone
started
to
work
on
it
and
eventually
commented
just
to
be
sure.
So
we
can
work.
Asynchronously
sounds
good
for
you,
yes
sounds
good!
A
A
Okay,
so
what
did
we
do
this
week?
So
we
have
a
lot
of
long-running
tasks,
so
we
only
closed
the
one
one
task.
There
has
been
a
few
in
the
desk
closed.
So
thanks
for
everyone
who
are
closing
these
issues
on
on
the
fly,
so
they
solved
an
issue
with
the
account
application
and
team
thanks
for
helping
there
also.
So
it
looks
like
that
that
account
application
wasn't
able
to
connect
to
the
ldap
different
error.
So
I'm
sorry,
but
this
the
solution
is
to
delete
the
pods.
C
F
C
Yeah,
the
bigger
problem
is
the
the
jetty
plugin
that
it
uses
and
built
into
gradle,
and
so
to
get
it
working.
You
need
to
port
it
to
an
embedded,
jetty
container
and
just
rewrite
a
whole
bunch
of
stuff,
and
I
spent
15
minutes
online
and
said
screw
this
way,
I'm
using
a
better
solution.
A
So
yeah,
so
that's
why
I
would
starting
better
to
so.
As
a
reminder,
we
will
want
to
have
key
clock
or
the
tool
that
gavin
pointed
to
us,
but
we
need
a
tool
to
be
able
to
manage
the
accounts
on
the
ldap.
Both
tools
are
are
looks
like
okay,
but
in
order
to
have
these
tools
installed
and
used
definitively,
we
need
the
migration
to
the
private
cluster
to
be
done.
First,
that's
a
strong
requirement
in
terms
of
networks.
A
So
stefan
worked
on
that
topic
is
driving
the
topic,
so
we
were
able
to
add
a
manage
postgresql
database.
Thanks
tim
for
the
insight
about
the
flexible
instances.
We
weren't
aware
on
that.
So
we
now
have
a
full
terraform
manage
azure
with
management
of
network
and
everything
so
going
in
the
correct
direction.
A
A
Next
one
apply
to
the
core
open
source
program,
which
is
closely
related
to
docker
up
credential
for
vm
agent.
So
last
week
we
had
a
rate
limit.
We
need
to
ask
the
docker
open
source
program
if
they
can
extend
their
the
current
sponsoring
they
are
doing
for
us
on
the
jenkins
docker
app
account
if
we
can
extend
it
to
one
or
two
technical
accounts
that
we
could
use
in
the
infrastructure.
A
The
main
idea
is,
we
would
want
to
be
able
to
use
to
increase
the
rate
limit
of
a
single
account
and
ideally
have
an
account
that
is
only
used
for
pulling
images,
so
we
can
safely
share
even
with
read-only
token.
We
could
safely
share
this
credential
and
not
being
burned
by
the
api
right
limit.
A
A
So
there
is
also
a
pipeline
library
pull
request
by
stefan
and
rv
that
tried
to
maps
two
credentials
per
jenkins
instance
that
we
host
one
for
pool
and
one
for
push.
So
we
are
currently
creating
the
accounts,
creating
the
api
token
on
each
account,
so
the
password
cannot
be
used
and
we
can
recycle
the
token.
We
have
two
level
of
credential,
then
a
sum
already
exists
and
that
library
will
keep
using
by
the
whole
syntax
that
we
currently
use
we'll
keep
using
the
push
credential
to
not
break
the
release
capability.
A
That
library
has
been
posed
because
of
the
weekly
release
and
the
security
advisory
of
today.
So
we
should
continue
working
on
that
on
the
upcoming
days.
It
doesn't
include
the
modulo
yet
the
idea
of
for
a
given
build
on
cigo
spreading
randomly
between
two
three
or
more
accounts.
That's
the
first
step
now
to
be
able
to
deploy
to
see
how
we
could
cover
all
the
cases
and
if
the
api
ready
might
come
again,
we
can
start
spreading
mainly
on
siege
and
quincy.
A
D
I'll
make
the
migration
from
my
story.
If
you
want
to
continue.
A
A
A
A
The
question
is:
what
are
the
existing
email
in
something
at
jenkins
io
that
already
exists?
We
weren't
able
to
extract
them
from
the
github
story
and
tyler
and
olivier
weren't,
able
to
tell
us
which
ones
so
tyler
says
that
I
don't
know.
C
A
There
is
the
mix.
The
thing
is
that
if
we
move
to
a
mix
that
will
be
the
worst
case
we
move
it
to.
Whatever
email
system
sounds
like
linux
foundation
has
paired
the
ticket,
but
yeah.
We
need
to
be
sure
that
we
need
to
have
a
catch
them
all
then
so
yeah,
let's,
let's
ask
kk
at
least
to
be
able
to
reach
megan
and
see
the
list
of
email
and
then
move
away.
C
C
B
B
A
A
A
E
A
I'm
sure
you
will
you're
ready,
define
credential
at
folder
jobs
level
instead
of
jenkins
instance,
so
the
goal
is
to
have
a
way
to
use
influence
code
to
avoid
having
credential
on
top
level
of
jenkins
instance,.
A
So
the
current
status,
I'm
able
using
my
homemade
helm,
template
I'm
able
to
convert
a
set
of
yaml
definition
into
something:
that's
generate
valid
job
dsl
with
credential
at
folder
or
multi-branch
level,
and
it
sounds
like
that
if
you
create
a
config
map
on
a
jenkins
center
deployment
with
the
correct
annotation,
the
system
that
search
for
the
configmaps
dynamically,
if
you
use
the
correct
annotation
will
get
it.
So
I
was
successfully.
A
I
just
did
it
successfully
one
hour
ago,
so
I'm
pretty
confident
that
for
our
infrastr
and
release
ci,
we
should
be
able
to
have
a
custom
made
and
charts
that
use
the
official
jenkinson
chart
and
apply
the
configuration
directly
for
now,
because
my
template
is
not
perfect,
it
doesn't
cover
github
organization
scanning
and
some
kind
of
plugins.
A
A
Given
that
it
involved
a
job
dsl
and
there
were
some
job,
dsl
dead,
pull
requests
or
rotting
pull
requests
since
one
year
that
I
mentioned
on
the
issue,
thanks
tim
for
adding
at
least
the
label
and
pushing
back
on
that,
I
will
contact
the
maintainer,
because
some
of
the
credentials
needs
to
job
dsl
to
manipulate
the
xml
configuration.
A
A
A
So
that's
why
I
prefer
asking
if
there
is
something
important
to
deliver
tomorrow,
for
you.
A
D
D
So
we
decided
to
to
implement
this
method
only
on
azure,
since
aws
has
sensitive
secrets
like
subs
or
others
and
joining
the
slack
community.
I
noticed
we
can
also
use
an
experimental
feature
allowing
us
to
estimate
cost
from
from
the
hcl
file
directly,
so
no
access
to
zplan
and
no
access
to
any
secret
or
sensitive
value.
D
D
Seeing
forecast
engineer
tell
me
that
there
weren't
sure
the
result
would
be
exactly
the
same,
so
it's
experimental
for
now,
but
yeah
in
my
request
has
been
merged
and
we
have
to
see
on
the
next
aziran
aws
pull
request
to
see
their
results
in
the
reports.
A
Thanks
survey,
I
just
realized
that
we
might
have
inverted
aws
and
azure
because
we
don't
have
any
terraform
sensitive
outputs
on
the
aws
terraform
project.
While
since
this
morning
we
have
on
the
azure
project,
we
have
the
output
that
exports
the
database,
so
the
sensitive
outputs
are
stored
inside
the
plan
that
mean
we
cannot
be
totally
sure
that
this
data
could
not
be
exfiltrated
to
their
sas.
So
that's
why
we
said
maybe
on
some,
hence
the
hcl
change,
so
we
might
have
to
change
the
pipeline
library.
A
A
A
G
A
Okay,
but
since
james
has
approved
your
pipeline
library
fix
last
week,
I
assume
that
it
should
be
okay.
Could
you
just
check
in
private
on
the
cloud
business
channels,
because
remember
there
were
only
two
person
from
club
b's
so
on
the
the
virtual
machines
agent
we
already
have,
and
there
is
a
pull
request
on
the
containers.
A
A
We
will
build
on
top
of
the
community
image
and
we
will
add
our
own
settings
because
sometimes
we
want
some
settings
like
the
linux
image
currently
same
for
windows,
we
will
want
to
have
some
specific
settings
on
our
images
that
would
impact
the
image
if
we
contribute
so.
Hence
we
need
to
be
able
to
build
windows
docker
container
on
infrasi.
A
A
A
C
So
that
one
is
docker,
inbound
agent
built
is
builds
on
top
of
docker
agent,
so
it
uses
a
release
version
of
docker
agent.
So
if
you
go
to
the
docker
agent
release
and
github
damien
correctly,
not
no,
not
this
one
docker
agent,
not
docker
inbound
agent,
so
you'll
see
it's
got
411
413-1.
But
if
you
see
the
one
below
it's
411
2-5,
so
that
number
there
is,
if
we
ever
need
to
build
against
a
newer
version
of
docker
agent
from
docker
inbound
agent.
That
version
needs
to
be
bumped.
C
It's
normally
one,
but
occasionally
we
build
against
a
newer
version.
So
the
left
hand
side
is
remoting
and
the
right
hand.
Side
is
the
image
version.
G
Yeah,
so
it's
the
last
digit
is
considered
yeah
when
it's
going
from
four
to
one
okay,
there's.
C
A
C
C
Okay
yeah,
it's
kind
of
manually
managed
because
it's
the
kind
of
unrelated
images
it
can
be
managed
by
update
cli.
But
apart
from
that.
A
Yeah
yeah.
Another
thing
is
that
we
are
dealing
with
a
windows
container
and
docker
bake
and
the
buildings
aren't
able
to
use
double
baked.
A
D
G
A
C
A
H
A
B
D
Yep
we
have
to
contact
scaleway
to
ask
them.
A
And
we
have
the
monitor
build
on
our
private
instance.
So
that's
something
that
came
from
daniel.
That's
an
idea
of
to
be
sure
that
we
monitor
untrusted
ci
when
some
of
the
most
important
builds
are
failing.
A
So
we
already
have
something
like
this
for
the
blade
center.
We
have
the
data
dog
monitor
that
check
the
last
build
time
of
the
season
generated
by
the
update
center,
and
if
it's,
if
it's
more
than
one
hour
or
two,
I
don't
remember,
then
it
will
start
sending
alerts
and
at
a
certain
threshold
will
start
page
page
uts.
A
So
that
will
be
the
same
idea
having
an
external
regular
process.
They
will
check
a
json
file
somewhere
and
danielle
said.
Okay,
we
should
have
a
crown
job
on.
That
instance
would
be
the
same
for
release
ci,
though
that
will
export
a
json
file
with
only
a
strict
subset
of
information.
Why
not
using
github
check
or
notification?
A
B
B
B
B
A
So
I
think
we
have
oh
no
so
scale
where
I'm
removing
the
milestone.
We
can
close
this
week.
My
yeah
this
week
milestone.
A
There
were
two
other
topics,
the
first
one
from
our
terrier,
so
they
they
bumped
us
about.
If
we
were
able
to
evaluate
the
security
requirements,
we
haven't
had
that
time,
but
yeah.
I
understand
they
won't
have
any
bandwidth
until
the
14th.
So.
B
So
we
probably
owe
tim
an
explanation.
This
is
one
tim
that
I
launched.
An
exercise
didn't
invite
you
to
the
invitation
on
on
a
session.
Archera
is
a
company
that
does
an
ai
based
cost
open,
optimization
of
cloud
resources
and
they
offered
a
a
a
free
and
hey
we'll
support
your
open
source
project
effort
to
the
jenkins
project
that
we
started
a
conversation
with
them.
So
sorry
that
this
is
a
a
new
one
for
you,
I'm
sure,
but
what
it
was
was
a
an
exercise.
B
Is
there
a
way
to
get
somebody
who
could
help
pred
help
us
with
finding
cheaper
ways
to
do
what
we're
doing
on
jenkins.io
and
they've
got
some
techniques
that
they
were
interested
in
and
the
permissions
they
were
requesting
looked
pretty
simple
and
safe,
but
we
don't.
We
don't
want
to
do
anything
with
it
until
the
security
teams
told
us.
Yes,
that's
simple
enough
and
safe
enough.
C
B
A
A
And
if
it's
okay,
I
will
take
care
of
synchronizing
with
the
deck
on
that
and
sending
them.
Unless
someone
wants
to
okay,
one
two:
okay
go
array
on
digitalocean,
so
it
sounds
like
that.
We
have
for
used
half
of
the
credits.
D
Yeah
and
we
currently
consume
about
one
thousand
dollars
per
month,
so
we
might
need
to
contact
them
to
see
if
they
are
okay
to
sponsoring
us.
B
B
F
C
B
C
Heard
that
we
were
volunteering
stephanie
to.