| 4 Jun 2024 |
 K900 | How are we doing on the binary cache thing btw? | 14:58:39 |
| K900 | My rk3588 is dying | 14:58:41 |
 raitobezarius | i feel like we should really track nixpkgs and add a new CI job with Buildbot | 16:01:30 |
| raitobezarius | and push to the cache | 16:01:32 |
 Lunaphied | Agreed, at least for now until a better solution is proposed I would like that to be implemented, not sure if I understand enough to do it myself though | 17:00:32 |
 thubrecht | The easiest is to have a recurring job that fetches nixos-{unstable,24.05} each ~3 hours and compiles lix given those inputs | 17:05:12 |
 Qyriad | In reply to@raitobezarius:matrix.org
i feel like we should really track nixpkgs and add a new CI job with Buildbot Kate made an excellent point a bit ago which is that there's no real reason for our binary cache CI and our "does this CL break anything" CI to be the same thing, and given how insecure Nix builds are, maybe even good reason to not have that | 19:19:44 |
 @irenes:matrix.org | good point | 19:20:40 |
| Qyriad | Since like, anyone can push a CL and run an arbitrary derivation build on all our builders | 19:20:56 |
| @irenes:matrix.org | yes | 19:21:11 |
| Qyriad | But this also means that the contraints that led us to choosing Buildbot for Gerrit CLs don't apply to binary cache builds | 19:21:41 |
| Qyriad | (cc @raitobezarius again just so he sees this whenever he's around) | 19:22:27 |
| raitobezarius | In reply to @qyriad:katesiria.org
Kate made an excellent point a bit ago which is that there's no real reason for our binary cache CI and our "does this CL break anything" CI to be the same thing, and given how insecure Nix builds are, maybe even good reason to not have that i meant to build a specific branch regularly on the top of a set of channels | 19:39:21 |
| raitobezarius | not arbitrary CLs | 19:39:24 |
| raitobezarius | does your concern about the security still apply in this context? | 19:39:31 |
| raitobezarius | i'd assume that merged contents is assumed to be trusted | 19:39:40 |
| raitobezarius | hm | 19:39:50 |
| raitobezarius | but it's right we are still using it for arbitrary CLs | 19:39:57 |
| raitobezarius | so maybe there could be manipulation to push certain store paths even if the CI for arbitrary CLs wouldn't push to cache | 19:40:11 |
| raitobezarius | maybe in that case, what we can do is to have GHA infrastructure perform regular builds and push it to our cache? | 19:40:34 |
| Qyriad | In reply to@raitobezarius:matrix.org
i meant to build a specific branch regularly on the top of a set of channels what we mean is that building a specific branch regularly can perfectly reasonable be a different CI system than our CL CI system | 23:47:20 |
| Qyriad | * what we mean is that building a specific branch regularly can perfectly reasonably be a different CI system than our CL CI system | 23:47:27 |
| Qyriad | In reply to@raitobezarius:matrix.org
maybe in that case, what we can do is to have GHA infrastructure perform regular builds and push it to our cache? that would work | 23:47:35 |
| 5 Jun 2024 |
 delroth | In reply to @qyriad:katesiria.org
what we mean is that building a specific branch regularly can perfectly reasonably be a different CI system than our CL CI system hydra? </hides> | 00:07:54 |
| delroth | In reply to @qyriad:katesiria.org
what we mean is that building a specific branch regularly can perfectly reasonably be a different CI system than our CL CI system * hydra? /hides | 00:08:01 |
| delroth | (I'm only like 40% non-serious, hydra is kinda designed for this use case, it can monitor several git inputs for changes and knows how to push stuff to an S3 cache) | 00:08:56 |
| Qyriad | Yes honestly we think Hydra is, unfortunately, a reasonable choice here | 00:09:49 |
| Qyriad | Though I think we should maybe evaluate other options too | 00:10:03 |
| Qyriad | Oh dear, @⚠️ eldritch horrors operating in this area ⚠️ the reason that {{#include}} doesn't work in src/nix/nix.md is that, specifically for the nix --help manpage, and not for HTML nor for the manpage placed on disk, those markdown files never actually go through docbook?? | 00:27:13 |
| Qyriad | Oh dear, @⚠️ eldritch horrors operating in this area ⚠️ the reason that {{#include}} doesn't work in src/nix/nix.md is that, specifically for the nix --help manpage, and not for HTML nor for the manpage placed on disk, those markdown files never actually go through mdbook?? | 00:27:19 |
