 | Hydra | 391 Members |
| 109 Servers |
| Hydra | 391 Members |
| 109 Servers |
| Sender | Message | Time |
|---|---|---|
| 10 Apr 2022 | ||
 tilpner | does hydra allow job prioritisation? if I could make sure the staging variant always builds first, and then rely on the production build being cached from a previous evaluation, that might work | 14:43:44 |
| tilpner | ahh, there's schedulingPriority | 14:45:17 |
| tilpner |
| 14:45:38 |
 tomberek | what might be accepted upstream is to specify only particular jobs to be built. Something like "in flake.nix build hydraJobs.production" | 14:48:52 |
| tomberek | (versus, "build every hydraJob in the flake") | 14:54:50 |
| tilpner | that's a slightly restricted version of https://github.com/NixOS/hydra/pull/1143, so maybe that'll be accepted as well. and graham's reaction in #1154 didn't seem opposed to the feature | 14:56:13 |
| tomberek | Yup | 14:57:00 |
| tomberek | As we get closer to a 3.0 release with stable flakes, hydra support will improve. | 14:57:31 |
| tomberek | Eg: better input tracking exposed, or lockless eval, attribute builds, and so forth. | 14:58:17 |
| tilpner | Lockless eval (with configurability over which inputs to unlock) sounds nice, though very at-odds with the current extremely hermetic evaluation. Thank you very much for helping me narrow down my options, tomberek, and thank you cransom for describing how you do automatic deployments. I appreciate talking about this issue with someone else, after guessing about for a few days :) | 15:00:41 |
 @max.hausch:helsinki-systems.de joined the room. | 15:01:42 | |
| tomberek | another possibility.... what is the thing that watches the jobsets and triggers a deployment to prod? | 15:02:57 |
| tilpner | In reply to @tomberek:matrix.orgfor now, it's just a small systemd timer that polls the most recent job output path with curl, but if this setup proves itself, I'm up for switching that for hydra's (dynamic) RunCommand plugin, or even listening for job completions with postgres listen/notify | 15:08:43 |
 cransom | i'd like to do some things like automatically follow nixos-21.11/release in my deploy jobs, except we (our app code, not nixpkgs) don't have adequate testing to make that an automatic feature. unattended production deployments without a good test gate isn't something i'll do. | 16:30:37 |
| cransom | the app code between prod/staging doesn't change, but that's a different beast when you get to doing deployments. there's nothing i can cache between staging/production because i deploy fully baked disk images into aws. if it was a generic disk image with different variables pulled in from aws metadata/user-data calls, that's possible. | 16:32:39 |
| tilpner | yes, I wouldn't be brave enough to do completely unattended deployments with an unlocked nixpkgs input. at least with application inputs, someone pushed the commit to the application repo that triggered the deployment, but changes to nixpkgs happen all day, even at night, and there'd be no way to react to a broken deployment :c | 16:40:54 |
| tilpner | * yes, I wouldn't be brave enough to do completely unattended deployments with an unlocked nixpkgs input. at least with application inputs, someone pushed the commit to the application repo that triggered the deployment and would probably notice breakage and fix it quickly, but changes to nixpkgs happen all day, even at night, and there'd be no way to react to a broken deployment :c | 16:41:29 |
| cransom | i'd be ok if we had a staging environment where those tests happend and if passed, it goes to production. i don't have that, but that's not a nix/nixpkgs problem. i'd love automatic deployment for any random security vulns/bug fixes that come up. | 16:45:59 |
 bitmapper | In reply to @ma27:nicht-so.sexyi ended up just setting up a cloudflare firewall | 23:43:13 |
| 11 Apr 2022 | ||
 @ulrikstrid:matrix.org | Was there a PR fixing hydra on unstable? | 07:23:39 |
| @ulrikstrid:matrix.org | Maybe a better question, is there a nice way of getting hydra than just using the standard package in unstable? | 07:27:41 |
 Rick (Mindavi) | There's this: https://github.com/NixOS/nixpkgs/pull/160202 | 07:38:24 |
| Rick (Mindavi) | In reply to @ulrikstrid:matrix.orgYou could use the flake, if you don't mind using them | 07:38:59 |
| @ulrikstrid:matrix.org | I'm on flakes already so I'm trying to figure out how to use that currently :) | 07:39:23 |
| @ulrikstrid:matrix.org | Well, I'm using flakes for my configuration(s), so I'm trying to figure out how to use the hydra flake is what I meant | 07:39:47 |
| @ulrikstrid:matrix.org | I'm trying to build a repo that uses a bunch of But I still get failures because I can't access urls in restricted mode. Is this the wrong config? | 11:49:48 |
| tilpner | In reply to @tomberek:matrix.orgtomberek: do you still remember what you were going to suggest here? I'm curious about any options I might've missed :) | 14:48:42 |
| tilpner | In reply to @bitmapper:amber.teldoesn't that mean your hydra could still be accessed directly (bypassing cloudflare) without login? unless you're using some tunnelling solution, and it's not publicly accessible... | 14:49:27 |
 ma27 | In reply to @bitmapper:amber.telthat's perfectly fine as long as you'd like to protect your entire instance. I explicitly wanted to have both public and private things. | 18:21:11 |
 @pedrohlc:mozilla.org left the room. | 19:29:07 | |