Here is a summary of what the team did during the last sprint. Regarding our contributions to Zuul and Nodepool:
* We proposed a Docker compose PoC upstream so that people can test out the authN/Z feature. A video was shared on the zuul-discuss ML. https://softwarefactory-project.io/static/zuul_jwt_demo.mkv * We continued the work on the zuul-operator: added rdms and auto-scalling for executor and merger. To improve that implementation, we proposed a new Ansible module: https://github.com/ansible/ansible/pull/55029 * We added allowed-label restriction to the zuul API: https://review.opendev.org/653895 * Finalized the Zuul/Pagure driver https://review.opendev.org/604404/ Regarding Software Factory: * We investigated a sf-operator to deploy gerrit and re-use the zuul-operator by re-using the sfconfig and arch file as the custom resource spec to simplify the migration process. * We updated the etherpad, disk-image-builder, and zuul version to include a security fix: https://www.softwarefactory-project.io/software-factory-32-new-zuul-update-for-security-fix.html * We simplified the purge-logs script. The previous version was unable some king of periodic jobs logs. * We added the local tenant with dedicated SF config repository feature in SF * We converted all playbooks we use in sf-ci in ansible roles. The next step is to create multinodes/multitenants ci jobs, it will be easier with roles. * We enforced sshd configuration for ci instances following ssh guidelines https://infosec.mozilla.org/guidelines/openssh * We merged the changes to cauth and sf-config allowing the creation of a JWT for zuul with groups info. The SF team
_______________________________________________ Softwarefactory-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/softwarefactory-dev
