TSC Meeting (10 Oct 2023) - Fixing builds, Upstream dependencies, stackstorm.com, Python difficulties, new OS support

arm4b commented 11 months ago

October 2023 @StackStorm/tsc 1 hour meeting:

Tuesday, 10 October 2023, 09:30 AM US Pacific / 06:30 PM EU CET
See https://github.com/StackStorm/community/issues/33 for the schedule and how to join
TLDR; Jitsi link: https://meet.jit.si/StackStormTSC

Meeting Agenda

Fixing the 🔴 broken st2 builds (help wanted, needs volunteers) (10mins)

WIP: Let's fix the builds (Updated 06 Nov):

[x] st2
- https://github.com/StackStorm/st2/pull/6036 - thanks to @FileMagic
- https://github.com/StackStorm/st2/pull/6046 - thanks to @FileMagic
- https://github.com/StackStorm/st2/pull/6045
- https://github.com/StackStorm/st2/pull/6048
[x] orquesta
- https://github.com/StackStorm/orquesta/pull/257 - thanks @amanda11 @nzlosh
[x] st2-packages
- https://github.com/StackStorm/st2-packages/pull/729
[x] ansible-st2
- https://github.com/StackStorm/ansible-st2/pull/332 - thanks to @setswei
[ ] puppet-st2
- TBD by @bishopbm1
[x] docker
- https://github.com/StackStorm/st2-docker/pull/259 by @ZoeLeah
[x] k8s
- https://github.com/StackStorm/stackstorm-k8s/pull/379 by @zoeLeah
[x] e2e-tests
[x] st2web
- https://github.com/StackStorm/st2web/pull/1008 - thanks @guzzijones

Updating StackStorm dependencies and upstream CVEs (10mins)

The StackStorm's upstream dependencies need updating. Multiple projects : st2, st2chatops, st2web, orquesta, OS-level dependencies (docker). Identify dependencies to bump, update. Do we need to release a quick patch v3.8.1 afterwards before committing to a more involved v3.9.0?

WIP: Let's fix security (Updated 06 Nov):

[x] orquesta
[ ] st2 (WIP)
[x] st2web
- https://github.com/StackStorm/st2web/pull/1009 thanks @enykeev
- https://github.com/StackStorm/st2web/pull/1010 thanks @enykeev
- https://github.com/StackStorm/st2web/pull/1020 @enykeev
[ ] st2chatops
- !HELP WANTED! - https://github.com/StackStorm/st2chatops/issues/133

Related: StackStorm project security initiatives/ideas/problems are tracked in a separated Github project: https://github.com/orgs/StackStorm/projects/25. Security-interested folks, driving the coordination on these topics would be welcome. Some of the security hardening topics were raised by Scott and Haven in the last meeting https://github.com/StackStorm/community/issues/124.

OS Support and Proposal to use Amazon Linux 2 as supported OS (10mins)

See Add ability to use AL2 as base OS for Stackstorm (ST2) #6016. What's involved to add a new OS? What could be the blockers? @khushboobhatia01 able to assist on this? (the original issue was raised by her colleague?)

Using Eleventy vs Hugo for stackstorm.com website templating (10mins)

We've migrated from Wordpress to GH static pages (Migrate StackStorm blog and CMS to GH Static Pages #76) for better security, allow community to add new content (blogs, website updates) via PR and TSC reviews/approval. It works as https://github.com/stackStorm/stackstorm.com -> stackstorm.com, but uses raw HTML which is harder to manage. Having a template engine for static HTML generation would be better (Hugo template for stackstorm.com #4, Enable Netlify integration (preview) #3) and these tasks were not finished. Dale Smith proposed to Restart Static Site Migration Using Eleventy and CloudCannon #123.

TLDR; Need to decide on the framework used for generating the stackstorn.com website from templates. Hugo - more popularity, experience by the TSC members (bus factor, maintenance burden), heavily used in DevOps/SRE repos for website generation (ex: Docker, Kubernetes). Eleventy, - Javascript/npm tool (we're moving away from Javascript where possible https://github.com/StackStorm/community/issues/8), but Dale has experience with it and can help with the migration.

Who is familiar with Evelenty or Hugo in the TSC and can assist/pair w Dale?

Future Python version (3.10) support issues, Pants builds (10mins)

See https://github.com/StackStorm/community/issues/103 as we're blocked to add new releases, new OSes having difficulties adding newer Python versions. @carlos @amanda11 @cognifloyd to update on where we are, the direction and what kind of help is needed. Community assistance wanted with adding the support for python v3.10.

WIP:
- https://github.com/StackStorm/orquesta/pull/253 by @AndroxxTraxxon
- https://github.com/StackStorm/st2packaging-dockerfiles/pull/111 docker builds experiments by @mamercad

mickmcgrath13 commented 11 months ago

I'm excited to announce that we're doing a StackStorm training at the end of the month: https://www.bitovi.com/events/stackstorm-training

nzlosh commented 11 months ago

Minutes for the meeting are now available.

FileMagic commented 11 months ago

I saw that you were looking for the build of the st2 project to be fixed. while reading through @guzzijones's PR from StackStorm/st2 #5995, that they fixed the tests in that PR. We could look at those updates for those changes.

dzimine commented 11 months ago

as agreed I'll shadow @dalesmith as he uses Evelenty to update StackStorm.com per https://github.com/StackStorm/community/issues/123.

arm4b commented 11 months ago

@FileMagic Thanks for looking at that! Replied in your Slack thread. Also, if there are CI fixes that are part of that PR, - makes sense to extract them first. Eg. fix the working master branch first thing.

setswei commented 11 months ago

Hey, I logged a PR to fix the builds on ansible-st2. Let me know if you need anything else. I added some details to the PR as to what was wrong.

arm4b commented 11 months ago

Very helpful, thanks a lot @setswei

StackStorm / community