| 22 May 2025 |
 Matt Sturgeon | I'm unfamiliar, would that create a token for doing things as the "app"?
I feel like that'd count as doing things "as a bot" and therefore still wouldn't trigger on:push workflows.
If it does trigger workflows on PRs pushed to by this app token, then that may be neater.
Is this what you do in Stylix for updating your lockfile? | 23:17:33 |
 danth | Yeah, it can trigger workflows like normal, and everything it does shows up as the bot user (example here.It's also a bit more secure since you can fine tune permissions on the app and the generated tokens only last for 1 hour | 23:27:18 |
| danth | * Yeah, it can trigger workflows like normal, and everything it does shows up as the bot user (example here).
It's also a bit more secure since you can fine tune permissions on the app and the generated tokens only last for 1 hour
| 23:27:26 |
| Matt Sturgeon | Ah thanks. That definitely looks like a better approach.
I also see it listed as one of the workarounds here: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
I'll try to find time to look into it with @glepage:matrix.org, as I don't have the right permissions for setting up apps or secrets myself. | 23:32:39 |
| 23 May 2025 |
 zowoq | I can set up a nix-community owned github app for this if you want, a few other repos are already using their own app with create-github-app-token. | 03:17:15 |
| Matt Sturgeon | Thanks, that'd be great 😃 | 03:20:59 |
| zowoq | Done. It has permissions for PRs, app id and key are set in the repo secrets and variables. | 03:48:30 |
 Gaétan Lepage | Thanks a lot zowoq | 07:47:06 |
|  @bombeuler:fedora.im joined the room. | 08:27:46 |
| @bombeuler:fedora.im left the room. | 08:27:55 |
| Matt Sturgeon | Thanks! | 18:21:30 |
|  divit joined the room. | 20:59:58 |
| 24 May 2025 |
 emily | 09:38:56 up 8:56, 3 users, load average: 165.47, 75.01, 30.85
| 09:39:24 |
| emily | this is on the x86 Linux box with 24 cores | 09:39:28 |
| emily | do we have any way of setting up cgroups to limit the total number of cores a given builder user can use or is it hopeless because it all goes through the daemon? | 09:40:17 |
| emily | maybe some way of hard-limiting the jobs/cores the daemon will accept? | 09:40:45 |
| emily | 7× overloaded is really a bit much… | 09:41:03 |
| emily | every time I check the builders to go to use them they're either completely/almost unused or completely dying from load | 09:41:54 |
| emily | I don't think expecting people to check uptime and choose parallelism settings considerately based on utilization is working out | 09:42:30 |
| emily | maybe it would be a good idea to disable the remote builder protocol entirely so that it has to be used by SSHing in and random Nix commands won't inevitably overload the builder due to bad remote builder configuration? | 09:43:11 |
| emily | I really value the builders as an invaluable shared resource but for the last several months the load balancing has really been messed up. just trying to figure out how we can make them usable as a shared resource | 09:44:04 |
| Gaétan Lepage | In reply to @emilazy:matrix.org
09:38:56 up 8:56, 3 users, load average: 165.47, 75.01, 30.85
@matthias? | 09:48:37 |
| emily | not sure if he is on Matrix? | 09:48:54 |
| emily | it's now 11× overloaded. I'm going to try wall | 09:49:20 |
| emily | not sure if that actually went through since I'm not root, but I sent a wall | 09:51:05 |
| Gaétan Lepage | Is there a way to restart the daemon on the darwin builder? Some derivations are locked, but they should have been cancelled. | 09:55:28 |
| zowoq | Restarted. | 12:10:27 |
| Gaétan Lepage | Thanks! | 12:10:34 |
| zowoq | Might be possible, I'll take a look. | 12:28:17 |
| zowoq | Could try this as well. | 12:28:29 |
