ChanServ changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
<bentiss>
eric_engestrom: the "For Maintainers part"
<eric_engestrom>
(manually made the issue confidential in the mean time)
<bentiss>
eric_engestrom: feel free to register any other projects
<eric_engestrom>
bentiss: thanks, I'll read this, I only skimmed it earlier and just kept "apply label 'spam' and the rest is automatic" :P
<bentiss>
eric_engestrom: someone needs to add the webhook to the project, and it's painful for maintainers to do, so we built an automated process for it :)
<bentiss>
painful to admins actually, because there are some git pushes commands that can only be run by admins
samuelig has quit [Ping timeout: 480 seconds]
<eric_engestrom>
when you say "for maintainers", is that the Maintainer gitlab access level, or just short-hand for anyone from the project?
<eric_engestrom>
eg. I'm Developer in the mesa group, can I run this myself, or do I need to ask someone who has a higher access level?
<bentiss>
eric_engestrom: maintainer in the project IIRC
<eric_engestrom>
ok, thanks :)
<bentiss>
huh, I would have thought that there would have been more maintainers for mesa
<eric_engestrom>
marge's queue is quite big, it might be good to unassign some of these so that the farm disablement happens first
<daniels>
eric_engestrom: thanks!
<daniels>
right, do you want me to unassign and reassign everything or did you want to do that?
<eric_engestrom>
daniels: you're welcome to; I was going to open each MR to see which one would trigger a job on our farm, but maybe you'll be quicker at doing this
<eric_engestrom>
(eg. there's a bunch of amd MRs that I expect we can leave alone, for instance)
<daniels>
eric_engestrom: tbh I don't bother with anything so granular, I just mass-unassign and reassign :P
<eric_engestrom>
haha
<daniels>
most of the AMD ones ended up touching common code I think, because I just put them back into the queue as they got taken out by fdno issues
<eric_engestrom>
ack
<eric_engestrom>
also daniels, thanks for the Maintainer role; more responsibilities, yay :D
<eric_engestrom>
I'll do the spam thing for mesa/mesa3d.org
<daniels>
haha, thanks - please feel free to do it for the others as well ;)
<daniels>
I'm stuck doing a bunch of other things this afternoon
* bentiss
looks forward having an actual guinae pig for damspam... :)
<eric_engestrom>
is there a way to have a list of projects already registered?
* eric_engestrom
assumes mesa/mesa is already done, for instance
<bentiss>
eric_engestrom: yes, it's empty :)
<eric_engestrom>
hehe
<eric_engestrom>
my question was: is that list something we can see?
<bentiss>
eric_engestrom: only libinput/libinput, libinput/libei and pulseaudio/pulseaudio IIRC
<eric_engestrom>
ack, I'll do mesa/*
<eric_engestrom>
btw, did anyone look into making that list of farms live in a different repo? we've talked about it a few times, but I think that's kind of it
<bentiss>
eric_engestrom: no public list no... admins can have a look, but there is the super secret token attached to it, so not something we can share easily
<eric_engestrom>
right, then I guess asking here will be the way to go
<bentiss>
we can think of a way to extract it, but OTOH, a maintainer can just go the the project settings, and see if there is a webhoook registered
<eric_engestrom>
for damspam, does the token created need to be kept after running the commands on my side, or is it only needed while I run the script?
<bentiss>
eric_engestrom: yep, just for you to make the request.
<bentiss>
so use a short live token, and delete/revoke it after having run the various commands
<bentiss>
the token is just here to submit an MR on your behalf, so we can check that the requet comes from a maintainer of the project
<bentiss>
not an MR, an issue
Leopold_ has quit [Ping timeout: 480 seconds]
<bentiss>
eric_engestrom: damn, looks like the request is not properly handled
<bentiss>
I do see damspam getting called, but it's output is "", so I guess there is something wrong
<eric_engestrom>
you mean when I'm running it?
<bentiss>
eric_engestrom: basically, when you call that command, it creates a new issue on fdo-bots. Then there is a webhook there that runs damspam with admin privileges, and that new run returns early
<bentiss>
eric_engestrom: I'll try to deal with that an replay the events so it gets activated
<eric_engestrom>
ack
<eric_engestrom>
let me know if I should retry something
<bentiss>
eric_engestrom: ack
damian has quit [Read error: Connection reset by peer]
damian has joined #freedesktop
<bentiss>
eric_engestrom: they all went in, except for mesa3d.org, which is the one you need now :)
<bentiss>
eric_engestrom: would you mind retrying the mesa/mesa3d.org?
<MrCooper>
bentiss whot: does damspam have precautions against the spam label getting applied e.g. accidentally to a non-spam issue?
<bentiss>
MrCooper: yes, ther are basic protections
* bentiss
tries to find which part of the code
<eric_engestrom>
bentiss: sure
<eric_engestrom>
bentiss: done
<bentiss>
Request processed successful :)
<eric_engestrom>
yay :D
<eric_engestrom>
(*successfully, if you want to fix the typo in your script :P)
<bentiss>
eric_engestrom: that list works-ish actually. If the request has been declined, the project will still appear
<bentiss>
we could also add a label for OK/denied so it is public
<eric_engestrom>
I added the assignee in the query because I thought it would catch that :]
<eric_engestrom>
but IMO that's enough, if someone wants to check they'll go there, look for their project, and open the isuse if they want to know more
<eric_engestrom>
(I assume if it's rejected there's a comment stating so and why, right?)
<bentiss>
you have been led to this because I manually removed the assignee for the tests on mesa3d.org. But when the request is denied, the assignee is still spambot
<bentiss>
daniels: heh, too many requests in parallel :)
<bentiss>
daniels: I would suggest to just redo the damspam call :)
<daniels>
heh, too many to the webhook, or?
<bentiss>
daniels: basically you DoS with webhook requests :) Each addition of the webhook to a project takes roughly 5 seconds, so if you request for more, then the internal git push to both fdo-bots and secrets will fail
<alanc>
eric_engestrom: the deployment process for https://www.x.org/releases/current/doc/ is highly manual, and it's been years since I've done it, so I've forgotten the details.
<alanc>
someday we should hook it up to a gitlab pipeline
<eric_engestrom>
bentiss: thanks! probably something that can be written down in the docs :)
<eric_engestrom>
alanc: right, but... does that mean it's been broken for years? 😅
<alanc>
quite possibly - not sure how often anyone looks at the xcb man pages there
<bentiss>
daniels: the "Spam" label is case sensitive IIRC. I've fixed the ones your created
<MrCooper>
should it be "SPAM®" to avoid trademark lawsuits? ;)
<MrCooper>
(BTW, I have eaten SPAM®, it's not as good as it might look)
<bentiss>
heh
<eric_engestrom>
bentiss: yeah, the api is case-sensitive for labels, I got bit by that in the past
<bentiss>
well, we could be case insensitive when we process the webhook, but IIRC whot went for the simplest solution :)
<eric_engestrom>
bentiss: "too bad we can not use the scoped label from gitlab" -> ?
<eric_engestrom>
yeah I know, I've used them, but I don't understand why you say we can't use them?
<bentiss>
"Premium"
<eric_engestrom>
oh
<eric_engestrom>
missed that
<eric_engestrom>
:]
<eric_engestrom>
daniels: iirc at some point there was a discussion about having gitlab give us a free premium license since we're all open-source; was there a conclusion to that, or did it fall through the cracks?
<daniels>
eric_engestrom: they offered it to us right at the very start, and we decided to decline it so we weren't beholden to proprietary stuff
<eric_engestrom>
oh ok
<eric_engestrom>
I'm not sure I agree with that decision, but ok, it's been decided
<glehmann>
yeah so looks like marge didn't react when the pipeline was completed two times in a row
<daniels>
Venemo: np!
<daniels>
lemme see if we can bottom out the Marge bug … stoney at least should be fixed this week we hope
mvlad has quit [Remote host closed the connection]
i-garrison has quit []
i-garrison has joined #freedesktop
<eric_engestrom>
emersion, dcbaker: "/app/cbuild: line 1: Internal: command not found" is because it tried to download the binary from the artifacts but got a 500 "Internal Server Error" and the error message ended up as what's downloaded into the file, now interpreted as a script trying to run the command `Internal`
<eric_engestrom>
emersion, dcbaker: in other words, it's another variant of the 500 issues that have plagued the gitlab servers for a while now
danvet has quit [Ping timeout: 480 seconds]
vkareh has quit [Quit: WeeChat 3.6]
<alatiera>
when did scoped labels made it into core
nehsou^ has joined #freedesktop
thaller has quit [Ping timeout: 480 seconds]
<daniels>
eric_engestrom: *the S3 servers
<daniels>
but yeah :)
<bentiss>
quick update on the S3 errors: we had 2 disks that were showing quite issues (a lot of restarts, sall operations). On Sunday I upgraded rook and then ceph, but also marked those disks as out from the cluster. The rebalanced happened, and now other disks are showing the same symptoms
<bentiss>
I re-enabled the previously failing disks, and they behave properly
<bentiss>
so we have data in the S3 storage that ceph is not happy about
<bentiss>
I suspect the backups as they are huge
* bentiss
goes to bed FWIW
<daniels>
bentiss: thankyou! I wonder if we could use their cold storage for backups …
<whot>
eric_engestrom: fwiw, I picked "Spam" because it was the only spelling that already existed (pulseaudio) and it's a lot easier to get everyone to use the same label (esp. once it was created) than not have bugs in the label spelling code :)
<whot>
MrCooper: right now the checks are: account must be less than 6m old and conversation max of 2 ppl. there can be more, but it'll be an arms race anyway so I'd rather fix specific ways they're trying to circumvent us than come up with elaborate schemes that aren't needed. the account age check is the prime safety feature so you can't just randomly block established users