NextGenTrigger Task 1.7 Meeting

Europe/Zurich
40/R-D10 (CERN)

Zoom Meeting ID: 65606242618
Host: Axel Naumann
Alternative hosts: Andrea Bocci, Attila Krasznahorkay
    • 09:30 - 09:35
      Project updates 5m
      Speakers: Dr Andrea Bocci (CERN), Attila Krasznahorkay (University of Massachusetts (US)), Axel Naumann (CERN)
    • 09:40 - 10:20
      Reports and updates 40m
      Speaker: All

      Harbor Container Registry (plays the role of Dockerhub)

      • Created a registry called ngt-wp1.7: https://registry.cern.ch/harbor/projects/3795/repositories
      • Admin access for everyone in the e-group ngt-wp1-task1-7
      • Images are scanned for vulnerabilities on push
      • Pushing an image of the same name and tag will overwrite the image (retention policy due to 20 GB quota)
      • Everyone can pull without login, e.g. docker pull registry.cern.ch/ngt-wp1.7/wp1.7-soa-wrapper:latest
      • How to push:
        • In terminal, run: docker login registry.cern.ch
        • Username is the CERN username
        • Password is NOT the CERN password
        • Instead go to the web interface (link above), top right corner --> User Profile --> Copy CLI secret.
        • After successful login, run e.g. docker push registry.cern.ch/ngt-wp1.7/wp1.7-soa-wrapper:latest
      • A robot account robot-ngt-wp1.7+github was created to push from GitHub Actions.
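
The push steps above as a script (an added example, not part of the meeting notes). Because a push to the same name and tag overwrites the image, it also prints the digest-pinned reference of what was pushed. HARBOR_USER, HARBOR_CLI_SECRET and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the meeting notes. HARBOR_USER and HARBOR_CLI_SECRET
# are assumed variable names; the function names are hypothetical.
REGISTRY="registry.cern.ch"
PROJECT="ngt-wp1.7"

# Build a full reference, accepting only wp1.7-* names and an explicit tag.
image_ref() {
  case "$1" in wp1.7-*) ;; *) echo "image name must start with wp1.7-" >&2; return 1 ;; esac
  case "$1" in *[!a-z0-9._-]*) echo "bad character in image name" >&2; return 1 ;; esac
  case "$2" in ""|*[!A-Za-z0-9._-]*) echo "bad or missing tag" >&2; return 1 ;; esac
  printf '%s/%s/%s:%s\n' "$REGISTRY" "$PROJECT" "$1" "$2"
}

# Log in with the Harbor CLI secret (not the CERN password). The secret is
# piped through stdin so it is not visible in docker's argument list.
harbor_login() {
  if [ -z "${HARBOR_USER:-}" ] || [ -z "${HARBOR_CLI_SECRET:-}" ]; then
    echo "set HARBOR_USER and HARBOR_CLI_SECRET first" >&2
    return 1
  fi
  printf '%s' "$HARBOR_CLI_SECRET" |
    docker login "$REGISTRY" --username "$HARBOR_USER" --password-stdin
}

# Push, then print the repo@sha256:... reference of the image that was pushed.
# Fails if the reported digest is malformed or belongs to another repository.
push_and_pin() {
  pp_repo=${1%:*}
  docker push "$1" >&2 || return 1
  pp_pinned=$(docker inspect --format '{{index .RepoDigests 0}}' "$1") || return 1
  pp_hex=${pp_pinned#"$pp_repo"@sha256:}
  case "$pp_hex" in *[!0-9a-f]*) echo "unexpected digest: $pp_pinned" >&2; return 1 ;; esac
  [ "${#pp_hex}" -eq 64 ] || { echo "unexpected digest: $pp_pinned" >&2; return 1; }
  printf '%s\n' "$pp_pinned"
}

# Usage:
#   ref=$(image_ref wp1.7-soa-wrapper latest) && harbor_login && push_and_pin "$ref"
```

A consumer that pulls the printed repo@sha256 reference instead of :latest keeps getting the same image even after the tag is overwritten.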

      GitHub repos naming convention (only a proposal)

      REPONAME is a placeholder e.g. for "soa-wrapper". For a GitHub action (e.g. for testing), we set up two repos:
       
      1. wp1.7-REPONAME (contains the code)
      2. wp1.7-REPONAME-image (contains a Dockerfile)
       
      One repo manages the GitHub action image of the other. More precisely:
       
      • The second repo has a GitHub action that builds a Docker image called wp1.7-REPONAME:latest and pushes it to our registry on Harbor.
      • The first repo has a GitHub action that runs in the container wp1.7-REPONAME:latest. This container needs all the dependencies installed.
       

      GitHub Actions

      We can now run GitHub actions on our private runners. Check the following two repositories for an example.
       
       
      Actions run by pull requests from forked repos need approval from a repo maintainer before they are run.

       

      Permissions (only a proposal)

      • We create a GitHub group on cern-nextgen called wp1.7.
      • We give maintainer access to this group for every wp1.7-* repo.
      • In this group we put every engineer that works on wp1.7 code.

      Moreover, we give admin access to Ricardo Rocha at the organization level. Otherwise he cannot debug the runners.

    • 10:25 - 10:30
      AOB 5m