April 25th, 2022 Community Meeting

[qu1queee]

• Please add a topic in this thread and add a link to the GitHub issue associated with the topic.
• Please make sure you give folks enough time to review/discuss the topic offline on GitHub before coming into the meeting
• (optional) Paste the image of an animal 😸

[qu1queee]

• Discuss on Use shp as a kubectl plugin with Krew cli#102 and find consensus.
• On rotate drivers for the grooming session, per @otaviof comments on today's grooming.

[gabemontero]

bump on shipwright-io/cli#112

[SaschaSchwarze0]

Dependabot update.

🐗

[SaschaSchwarze0]

What's your definition of an insecure registry?

• HTTPS with self-signed certificate ?
• HTTP ?

🦔

[otaviof]

Status update on #68 proposal

🦄

[qu1queee]

🐶

[SaschaSchwarze0]

kubectl plugin for shp CLI

• Will mean that kubectl shp ... works
• Gabe: Challenges ?
• Otávio: no, only a PR against the plugin registry and release process extension to release a kubectl-shp binary
• Enrique: nice to have but maybe not urgent?
• Otávio: one gets visibility by being present in the plugin repository (which is here: https://krew.sigs.k8s.io/plugins/)
  -> we can target it for v0.10

Driver of grooming and community meetings

• Enrique: helps if somebody is ready in advance and looks at what needs to be groomed
• Sascha: combine it with the general Shipwright duty person that we discussed ? E: makes sense, but have not progressed on this
• Otávio: should we document the roles and responsibilities ?
• Next step: add document to community repo on definition of our meetings (purpose, role of host, etc) and use it to document who hosts when
  -> See issue: Add documentation about meetings #82

CLI PR on log following

• Plan: Otávio looks at Gabe's PR and we merge that one in and then address the other points in a follow-on PR by Otávio

Dependabot update

• Is enabled for Build repository
• We will wait for the first PR to see how well it opens PRs before proceeding with other repos
• What it updates? we have ignores for Kubernetes and Tekton (because of their interdependencies); Corey: it only updates in case of security-related findings
• Matthias: we could have a dependabot specific handling in the release notes generation
  -> See issue: Investigate Dependabot improvements wrt release notes build#1047

Insecure registry

• Otávio: insecure definately means that HTTPS without cert needs to be used; HTTP might require a different settings
• Adam: there might have been changes in the go-containerregistry, ko publish --insecure-registry falls back to HTTP for communication ko-build/ko#488
• Matthias: not remembering how it was in Docker Desktop
• Otávio: let's look around how other tools behave
• Baran: Docker CLI interprets insecure as everything that is not HTTPS with valid certificate = includes self-signed certificated and HTTP

Triggers ship

• Otávio pushed some changes this morning
• Ongoing discussions about status updates
• Labels vs annotations vs first-class fields discussion
• Please have a look