| 21 May 2025 |
|  sinan changed their profile picture. | 11:59:58 |
| sinan changed their profile picture. | 12:00:45 |
|  oddlama changed their display name from Malte to oddlama. | 17:42:01 |
|  @alanpearce:private.coffee left the room. | 19:05:02 |
|  @bloxx12:matrix.org left the room. | 21:30:09 |
| 22 May 2025 |
|  Perchun Pak [don't ping; dm instead] changed their display name from Perchun Pak to Perchun Pak [don't ping; dm instead]. | 13:50:43 |
 emily | Darwin builder is load avg ~19 (~6 of that is my fault though) | 13:53:52 |
 Matt Sturgeon | In Nixvim we've been using @glepage:matrix.org's PAT for pushing lockfile update PRs, because you need to push as a "real" user to trigger CI.
This gets a bit confusing sometimes, so we'd like to push those PRs as @nix-infra-bot instead. Would it be possible to add a Personal Access Token to our repo secrets, so we can have our CI use that token instead?
It would need write access to Nixvim, and ideally the secret would be named something like INFRA_BOT_TOKEN. | 22:31:09 |
 danth | FYI you can also install a GitHub app on the repo and use `actions/create-github-app-token` | 23:12:58 |
| danth | * FYI you can also install a GitHub app on the repo and use actions/create-github-app-token | 23:13:37 |
| Matt Sturgeon | I'm unfamiliar, would that create a token for doing things as the "app"?
I feel like that'd count as doing things "as a bot" and therefore still wouldn't trigger on:push workflows.
If it does trigger workflows on PRs pushed to by this app token, then that may be neater.
Is this what you do in Stylix for updating your lockfile? | 23:17:33 |
| danth | Yeah, it can trigger workflows like normal, and everything it does shows up as the bot user (example here.It's also a bit more secure since you can fine tune permissions on the app and the generated tokens only last for 1 hour | 23:27:18 |
| danth | * Yeah, it can trigger workflows like normal, and everything it does shows up as the bot user (example here).
It's also a bit more secure since you can fine tune permissions on the app and the generated tokens only last for 1 hour
| 23:27:26 |
| Matt Sturgeon | Ah thanks. That definitely looks like a better approach.
I also see it listed as one of the workarounds here: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
I'll try to find time to look into it with @glepage:matrix.org, as I don't have the right permissions for setting up apps or secrets myself. | 23:32:39 |
| 23 May 2025 |
 zowoq | I can set up a nix-community owned github app for this if you want, a few other repos are already using their own app with create-github-app-token. | 03:17:15 |
| Matt Sturgeon | Thanks, that'd be great 😃 | 03:20:59 |
| zowoq | Done. It has permissions for PRs, app id and key are set in the repo secrets and variables. | 03:48:30 |
 Gaétan Lepage | Thanks a lot zowoq | 07:47:06 |
|  @bombeuler:fedora.im joined the room. | 08:27:46 |
| @bombeuler:fedora.im left the room. | 08:27:55 |
| Matt Sturgeon | Thanks! | 18:21:30 |
|  divit joined the room. | 20:59:58 |
| 24 May 2025 |
| emily | 09:38:56 up 8:56, 3 users, load average: 165.47, 75.01, 30.85
| 09:39:24 |
| emily | this is on the x86 Linux box with 24 cores | 09:39:28 |
| emily | do we have any way of setting up cgroups to limit the total number of cores a given builder user can use or is it hopeless because it all goes through the daemon? | 09:40:17 |
| emily | maybe some way of hard-limiting the jobs/cores the daemon will accept? | 09:40:45 |
| emily | 7× overloaded is really a bit much… | 09:41:03 |
| emily | every time I check the builders to go to use them they're either completely/almost unused or completely dying from load | 09:41:54 |
| emily | I don't think expecting people to check uptime and choose parallelism settings considerately based on utilization is working out | 09:42:30 |
| emily | maybe it would be a good idea to disable the remote builder protocol entirely so that it has to be used by SSHing in and random Nix commands won't inevitably overload the builder due to bad remote builder configuration? | 09:43:11 |
