#ansible-docs log

15:02:23 <samccann> #startmeeting Documentation Working Group aka DaWGs
15:02:23 <zodbot> Meeting started Tue May 31 15:02:23 2022 UTC.
15:02:23 <zodbot> This meeting is logged and archived in a public location.
15:02:23 <zodbot> The chair is samccann. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
15:02:23 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:02:23 <zodbot> The meeting name has been set to 'documentation_working_group_aka_dawgs'
15:02:39 <samccann> #topic opening chatter
15:02:44 <samccann> @room Meeting time! Who is here to talk the docs?
15:02:55 <samccann> Raise your ascii hand (o/) to say hi or any other way you want to let us know you are here. And Welcome to any new folks!
15:03:11 <BlaisePabon[m]> (I'll be slipping in and out of DaWGS due to a conflict with $DAYJOB)... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/2263aad6cdfdd212aa999304bf7e5aaf66558d1a)
15:03:48 <orandon[m]> o/ but also have a conflict
15:03:56 <tremble> o/
15:04:16 <ompragash[m]> o/
15:04:16 <tremble> (About, but in another meeting too)
15:04:23 <samccann> Blaise Pabon: Yeah sounds like a good idea. I think in general we need to 'get started' on multiple levels. The general one Don Naro is working on now, and then for each of the main pieces of the Ansible pie, we should have a good walkthrough on the basics.
15:04:39 <samccann> #chair Blaise Pabon Don Naro ompragash tremble
15:04:39 <zodbot> Current chairs: Blaise Don Naro Pabon ompragash samccann tremble
15:04:43 <BlaisePabon[m]> Hi, my name is blaise and I haven't been to a meeting in a few years.
15:04:43 <BlaisePabon[m]> ...it's been 5 days since I last ssh'd into production.
15:04:59 <samccann> lol welcome back then!
15:05:26 <samccann> briantist: you around to talk docs today?
15:05:38 <BlaisePabon[m]> Oh! hey, my meeting got moved so I have 30 mins
15:05:40 <briantist> oh hey, yeah I'm sort of here
15:05:49 <samccann> #chair briantist
15:05:49 <zodbot> Current chairs: Blaise Don Naro Pabon briantist ompragash samccann tremble
15:06:11 <samccann> ok let's get going then
15:06:18 <samccann> #topic Documentation updates
15:06:40 <samccann> #info Ansible 2.9 and 2.10 are officially EOL for community.
15:06:58 <samccann> means we won't patch the docs on those anymore
15:07:44 * samccann she sez jinxing herself that something really bad will need fixing
15:08:07 <briantist> haha
15:08:08 <samccann> #info need help - https://github.com/ansible/ansible/issues/77908 python package on RHEL/centos for kerberos.
15:08:36 <samccann> Mostly I want so know if folks think the summary in that docs issue is correct
15:09:04 <samccann> (aka installing python-devel on rhel/centos/fedora is actually installing python3-devel or some variant of that)
15:09:53 <samccann> I tried locally and seems RHEL 8 has to be installing python3-devel and it will pick up whatever is the current python version.
15:12:05 <BlaisePabon[m]> python3 is all the modern stuff
15:12:39 <BlaisePabon[m]> (says the fedora guy)
15:12:56 <samccann> yeah the tricky part - installing python-devel still works on fedora.. it just installs python3-devel. On RHEL (8) it doesn't work. Has to be install python3-devel.
15:13:12 <samccann> But figured I'd ask folks to take a quick look to be sure I wasn't missing anything thanks!
15:13:43 <samccann> so imma say we change it to install python3-devel since that works on both (and i'd assume on centos.. don't have that handy to test at the moment)
15:14:24 <samccann> ok onto another topic...
15:14:32 <samccann> #topic community docs writers project
15:14:45 <samccann> #info - working on a community docs project board to coordinate across a group of volunteer community writers
15:15:14 <samccann> So the idea here - we have a good handful or more of writers looking to get some opensource experience
15:16:11 <samccann> These folks can come in and review docs PRs and do some basic Edit on Github work. It would be grammar type edits since they don't know Ansible at this point.
15:16:30 <samccann> But tremble  - I'm thinking they could have done the PR review you requested here earlier.
15:16:53 <samccann> This isn't the 'permanent' project board - I need to move it to a different github org, but I'm thinking something like this - https://github.com/orgs/ansible/projects/92
15:17:20 <samccann> And then you'd just add your request there and select whether it is a PR review or an edit on github kind of issue etc.
15:17:59 <tremble> Yup, someone good at the word-smithing side, but light on the Ansible/Dev side would be perfect and exactly what I was after.
15:18:25 <samccann> cool! I'm hoping once I get this all set up, other collection owners can take part.
15:18:26 <BlaisePabon[m]> Ok, I see. Yes, there is a python-devel  but that is 2.7 legacy python.
15:18:26 <BlaisePabon[m]> Explicit is better than implicit. `python3-devel` FTW
15:18:45 <samccann> Blaise Pabon: great thanks!!
15:20:05 <samccann> #topic Archive docsite
15:20:19 <samccann> #info will move older docsets to an archive site. At what point do we move more recent EOL docs over once it is set up? https://github.com/ansible-community/community-topics/issues/78#issuecomment-1072535541
15:21:13 <samccann> I mentioned this before but we want to move the old docs (definitely say 2-3 - 2.8) to an archive site. This would change the urls (and thus remove them from google searches that are picking up very old stuff today)
15:21:58 <samccann> I have notes somewhere about redirects - so users would start getting /latest/ doc hits instead of /2.3/ for example. But it would still keep 2.3 docs available someplace else so people actually using very old releases can still find the docs
15:24:17 <briantist> nice! archive site sounds like a good idea
15:24:55 <samccann> yep. it's been something i've always wanted to do in docsland.. so you  know... bucket list FTW! ;-)
15:25:08 <briantist> 🎉
15:25:23 <samccann> ok let's swing over to ...
15:25:29 <samccann> #topic doc-tools
15:25:49 <BlaisePabon[m]> For example:
15:25:50 <BlaisePabon[m]> https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#using-collections
15:25:50 <BlaisePabon[m]> Is really nice and it might be good to surface it early for folks who stumble into the docs from ansible-galaxy for example.
15:26:26 <briantist> I can talk a tiny bit about github-docs-build: https://github.com/ansible-community/github-docs-build
15:26:34 <samccann> #info https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#using-collections is a little buried- let's surface it better in the docs
15:26:44 <samccann> briantist: cool go for it!
15:27:35 <briantist> it's in a good place for folks to start using now that we have the GitHub Pages publishing option, but I'm not quite ready to announce in the bullhorn just due to personal time, soon I think though
15:27:59 <samccann> how are the docs around that? (as in how to use it etc?)
15:28:28 <briantist> https://github.com/ansible-community/github-docs-build/wiki/Getting-started-with-GitHub-Pages
15:28:33 <briantist> docs are so-so, needs work
15:28:54 <samccann> ok
15:29:15 <samccann> so the next question - is that a good home for them? We can add a pointer to there from the developing collections docs on docs.ansible.com for sure
15:29:33 <BlaisePabon[m]> I have to leave. You are all such awesome people, doing the lord's work.
15:29:44 <samccann> :-) thanks Blaise Pabon
15:29:59 <briantist> I have a PR open for implementing it in `community.windows`, but nitzmahone did a security assessment, and decided that while there are not specific vulnerabilities, out of caution they don't want to do the PR workflows in any RedHat-controlled collections (but do not seem to have concerns if other collections want to do so)
15:30:30 <briantist> this was discussed in the Windows Working Group meeting so the full conversation is available for anyone who wants to read it: https://meetbot.fedoraproject.org/ansible-windows/2022-05-24/ansible_windows_working_group.2022-05-24-20.00.html
15:31:53 <samccann> #info some discussion about security 'worries' over github PR workflow proposed for collection docs changes https://meetbot.fedoraproject.org/ansible-windows/2022-05-24/ansible_windows_working_group.2022-05-24-20.00.html
15:32:27 <samccann> #info no specific vulnerabilities but probably not something to use on a RH based certified collection.  Will be open for other community collections soonish
15:32:57 <samccann> cool thanks for the details! I'll go back and read the log just so's I can follow along
15:34:03 <samccann> anything else in docs tooling to discuss today?
15:34:40 <samccann> (for anyone new  docs tooling is the background code that makes the docs happen - mostly collection docs)
15:36:38 <samccann> ok thenk!
15:36:40 <samccann> s/thenk/then
15:36:45 <samccann> #topic Open Floor
15:36:54 <samccann> Any thing else we want to discuss today?
15:37:02 <samccann> fav PR? fav issue lingering?
15:37:38 <orandon[m]> sorry I've been a bit quiet today but conflicts... can I plug my Getting Started PR? still looking for reviews. https://github.com/ansible/ansible/pull/77897
15:38:42 <samccann> #info  pr review welcome on revamped Getting Started guide - https://github.com/ansible/ansible/pull/77897
15:39:13 <samccann> Don Naro: how close do you think it is? like maybe we can merge by end of week? or still want more reviews etc?
15:39:39 <orandon[m]> I'm pretty happy with it tbh
15:39:39 <samccann> keeping in mind it's 10x better than what's there today so.. would like to get it out  there and iterate improvements as we go so to speak
15:40:16 <samccann> cool!
15:41:02 <tremble> Looks like nitzmahone's concerns with the docs-build PR is related to granting write access to the repos themselves.  I'd like to comment that the temporary build and validation workflows are still really useful.
15:41:32 <tremble> docs-build workflows rather
15:43:06 <samccann> tremble: is there a middle ground here? Like the temp build/validation is one set of tasks, and the full she-bang with write access to the repo a step beyond that?
15:43:14 * samccann really needs to read the docs on this!
15:43:54 <tremble> yes, community.aws and amazon.aws are using the validation and non-publishing workflows and they're really helpful
15:44:02 <samccann> coolness
15:44:08 <tremble> * and non-publishing build workflows and
15:44:48 <samccann> Do we have any other open floor topics today?
15:45:00 <BlaisePabon[m]> (naive question)...
15:45:00 <BlaisePabon[m]> has the group looked into zuul-ci for building the docs?
15:45:00 <BlaisePabon[m]> I'm thinking more specifically of https://www.softwarefactory-project.io/ or https://opendev.org/
15:45:36 <BlaisePabon[m]> (that way all the build logic would be Ansible plays)
15:46:14 <tremble> In theory it can be done, unfortunately (as I understand it) the team managing Zuul doesn't really have much spare capacity right now.
15:46:35 <tremble> Zuul is already used for a lot of the test and release workflows
15:48:01 <BlaisePabon[m]> Ok. yes, I wasn't going to suggest zuul upstream but maybe one of the public offereings like opendev or softwareffactory
15:48:44 <samccann> what does ^^ do for us that the current CI doesn't (or the current, tho internal to RH, jenkins buiilds)?
15:49:30 <BlaisePabon[m]> The immediate benefit is that all the build steps would be written in Ansible
15:49:57 <BlaisePabon[m]> ... and zuul can auto merge non-breaking changes.
15:50:54 <BlaisePabon[m]> You can run it on tops of Jenkins
15:50:54 <BlaisePabon[m]> https://opensource.com/article/20/2/zuul
15:50:55 <tremble> The security issue is more to do with reducing the chance of something being able to slip an extra commit into the repo, so Zuul vs Actions doesn't really solve it.
15:50:55 <samccann> so automerge would be after 'some specific approvals' yes?
15:52:05 <BlaisePabon[m]> well, yes. The criteria for automerge are typically ansible plays that perform several tasks.
15:53:10 <tremble> The suggestion from the meeting was basically to have the workflow only publish to somewhere other than the main collection repo.
15:53:14 <BlaisePabon[m]> Oh! ok, in that case, you wold want to use Gerrit, where every commit is reviewed
15:53:29 <BlaisePabon[m]> (it sounds bad when I say it like that)
15:53:51 <BlaisePabon[m]> yes, I think that is a great idea.
15:54:55 <tremble> It doesn't need to be Gerrit, you can set the relevant rules in GitHub, but if the action can push a commit that it generates, then if you can compromise the action in some way the whole repo could be compromised.
15:56:12 <BlaisePabon[m]> yes, that would be bad.
15:57:07 <samccann> oooch yep
15:57:13 <BlaisePabon[m]> btw, I'm only asking about zuul because it's intended for projects comprised of mutiple repos.
15:57:54 <briantist> sorry was in a meeting, tremble: yes, it's around the write access, but as discussed, the part with write access never runs any PR code (actually it doesn't run any code from the repo at all), glad you're finding it helpful!
15:59:27 <briantist> the part that runs PR code only runs with a read-only token, and because the workflow is a `pull_request_target` trigger, the workflow itself is always from the target branch, so you cannot modify the workflow in a PR and run it triggered by that same PR
16:00:18 <tremble> briantist: During this meeting the workflows caught a mistake I made ;)
16:01:22 <briantist> I have been using a variation of these for a long time now, before they were separated, it was first because I was creating the initial docsite pages, and I don't know RST well, and it's tricky to get the syntax right, especially when you're making references to pages that are not in your repo
16:01:32 <briantist> the fast feedback is essential
16:02:41 <briantist> the GitHub Pages publishing is new, but I originally used this with publishing to surge.sh and that is still an option for anyone weary of making commits, it just requires someone with permissions on the repo to set the API token in the secrets
16:04:48 <samccann> ok we're about at that time. Anything else before we end the meeting?
16:06:19 <samccann> ok thanks everyone!
16:06:26 <samccann> #endmeeting