Wikimedia Release Engineering Team/Checkin archive/2022-12-07

= 2022-12-07 =



🏆 Wins

 * https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Monthly_notable_accomplishments
 * Dec '22 edition


 * Antoine replaced Docker with Podman
 * https://wikitech.wikimedia.org/wiki/Gitlab/Phabricator_integration
 * Provision Horizontal Pod Autoscaler (HPA) for GitLab cloud runners https://phabricator.wikimedia.org/T323164
 * certmanager for DO k8s registry
 * MW-ok-k8s routing traffic Soon™—our part works \o/ woo

🌻 Open source/Upstream contributions

 * https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Upstream

😶 Let's keep this empty

 * +1'd gerrit changes
 * Gerrit access requests

📅 Vacations/Important dates

 * https://office.wikimedia.org/wiki/HR_Corner/Holiday_List#2022
 * https://wikitech.wikimedia.org/wiki/Deployments/Yearly_calendar
 * https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Time_off

December

 * 9 Dec: Brennen out ½ day
 * 23 Dec: Christmas Eve (Observed in lieu) (US staff with reqs)
 * 24 Dec–31 Dec: Global end of year holiday
 * 23 Dec: Jaime
 * Exact days tbd: Chad is moving

January 2023

 * 2 Mon Jan: New Year's day observed
 * 16 Mon Jan: Martin Luther King Jr Day
 * 1-15 Jan: Jaime

February 2023

 * 20 Mon Feb: U.S. Presidents' Day

🔥🚂 Train

 * https://tools.wmflabs.org/versions/
 * https://train-blockers.toolforge.org/
 * https://wikitech.wikimedia.org/wiki/Deployments/Yearly_calendar


 * 22 Aug - wmf.26 - Antoine + Chad
 * 29 Aug - wmf.27 - Dan + Antoine (Brennen out)
 * 5 Sep - wmf. 28 - NOT Jaime ;) — Jeena + Dan (Brennen out 'til Tues)
 * 12 Sep - 1.40.0-wmf.1 – Ahmon + Jeena (Jaime, Brennen Out Wed)
 * 19 Sep - wmf.2 - Jaime + Ahmon
 * 26 Sep - wmf.3 - Brennen + Jaime
 * 3 Oct - wmf.4 - Chad + Brennen
 * 10 Oct - wmf. 5 - Dan + Chad (Monday holiday)
 * 17 Oct - wmf.6 - Antoine + Dan
 * 24 Oct - wmf.7 - Jaime + Antoine
 * 31 Oct - wmf.8 - Jeena + Jaime – Jaime out Monday
 * 7 Nov - No Train (Election Day Tues.; Veteran's Day Fri.)
 * 14 Nov - wmf.10 - Brennen + Jeena
 * 21 Nov - No Train (Thanksgiving Thu–Fri)
 * 28 Nov - wmf.12 - Ahmon + Brennen


 * 5 Dec - wmf. 13 - Chad + Ahmon
 * 12 Dec - wmf.14 - Antoine + Chad
 * 19 Dec - No Train
 * 26 Dec - No Train

Team discussions

 * via Dduvall: chatting with Bryan and he's wondering if we can give the toolforge GitLab group access to the cloud runners
 * WMCS runners are probably fine
 * /repos does
 * /toolforge-repos doesn't
 * DO runners aren't 100% done
 * Can they have their own runners?
 * Could foresee a world where you get a repo + runner from striker
 * Once reggie auth is done, let's open it up
 * is there a timeout we could set?
 * there's a hard hard limit on droplets at 100
 * and a smaller hard limit on the nodepools

What would we do if someone started abusing this?
 * How would we know?
 * What would we do? step-by-step


 * https://phabricator.wikimedia.org/T321458 Allow Javascript files from Wikimedia GitLab to be loaded as scripts in Wikimedia wikis
 * Upstream doesn't support this: https://gitlab.com/gitlab-org/gitlab-foss/-/blob/4bc4f06512620271a8d454b966e7f5c288a68829/app/helpers/blob_helper.rb#L138-145
 * There are a lot of reasons not to do it — security rated it as a "medium" and tgr summarizes points pretty well on https://phabricator.wikimedia.org/T321458#8449534
 * My question is: is there a world where we could/should maintain patches on-top of GitLab?


 * Sprint stuff
 * Sprint will continue until Mon 19 Dec
 * https://docs.google.com/document/d/1_KLFegUSPNiciTAUwBcvFxOIphLg4NrU1KeYMrFMDS0/edit#