09:43 bentiss: damn, https://docs.gitlab.com/ee/update/deprecations?removal_milestone=16.0#old-versions-of-json-web-tokens-are-deprecated -> we will need to do changes in the gitlab-ci.yaml whenever we want to copy something on s3.fd.o
09:45 bentiss: also, FWIW, https://docs.gitlab.com/ee/update/deprecations?removal_milestone=16.0#postgresql-12-deprecated which means we will have a downtime somewhere at the end of May/June
10:44 mupuf: bentiss: thanks for the heads up!
10:45 mupuf: needs to file an issue there to say that the new way of handling running is great, but we can't be expected to hand out admin tokens to people who want to expose their runners at the instance level
10:49 emersion: what can people do with instance-wide CI runner tokens, apart from registering new runners?
10:49 emersion: i suppose register a default runner and then steal CI secrets maybe?
10:51 mupuf: emersion: the whole runner thing will be reworked. Users will register runners via their own user
10:51 mupuf: and only admins will be able to create instance-wide runners
10:52 emersion: isn't that already the case?
10:52 mupuf: no, admins can give you a registration token, and then you can register anything you want
10:52 mupuf: if you want to replicate that with the new way of doing things, they would have to give you an admin API token
10:52 emersion: oh, i see
10:52 mupuf: ... which means full access to everything, not just runners
10:53 emersion: they're changing things up
10:53 emersion: that would affect me as well, i have instance-wide runners for sr.ht
10:53 mupuf: no worries, the existing runners won't go away fast
10:53 emersion: hm, not great
10:53 mupuf: nor will they deprecate the old ways fast
10:53 mupuf: but... that's the plan
10:53 emersion: and there is no "runner" scope?
10:54 mupuf: no, API is RO or RW, no in-between
10:54 emersion: yeah but there are scopes for various other things already
10:54 mupuf: that's why I was thinking they could add a boolean to allow users to register instance-wide runners
10:54 emersion: e.g. "read_registry"
10:55 mupuf: yeah, that's another option
10:55 mupuf: I'll let them decide what they prefer :D
10:55 emersion: okay. would be really nicer to have something at least
14:38 tintou: The `aarch64` runner is not happy (I'm getting "Cannot connect to the Docker daemon […] Is the docker daemon running?")
15:04 bentiss: tintou: restarted podman on arm-7, thanks!