 Okay, now it's being recorded and yeah, the first message I see that Hangoutsumware is going away later this year, so probably later we will need to think what we use as a Jenkins project. Yeah. So am I audible? Yeah. Probably too audible, as Joseph says. Yeah, something else you like, but it's working. Yeah. I just got an electric card, so my audio jack doesn't work too lively and now I use a full professional setup, I know. Okay, let's take a look at our agenda. So we have several people on the call. Do you see my screen? Before I mess it up, yeah, I made myself a presenter. The recording should be fine, so we have a different agenda, so as usual we have some news which we will discuss, and yeah, I just put some topics I had in mind, so syncing up on ongoing pull requests and activities, then yeah, we have a G-Cast plugin compatibility project, so that's why we have UEFAE on the call. And we also have some G-Cast test framework enhancements which are underway. So in addition to that, would we want to discuss any topics today? Okay, so let's just proceed with this list and if something pops up, we can switch to the topic. Okay, so what about news? I guess since the last meeting two weeks ago, you've got a couple of new releases, yeah, I guess only this one, so maybe you Joseph would like to summarize it or maybe you team. I'm just having a look. So there was some references to support plugin have been removed in the code and we're no longer publishing it. Joseph's currently working on deprecating it, making it clear to users that they should remove it. That should be coming soon, hopefully. There was an issue with exporting node properties which has been fixed, proxy-configured, didn't resolve secrets, and there's a new way of testing that was merged. Last week or two weeks ago, we haven't publicized it too much because there's a few issues with it we're trying to work on where we can't do an export run trip, which we'll hopefully have resolved soon. We discussed how to do it at the last meeting, and we've also recently had JMH benchmark support merged into Cask to use configuration as code to set up your benchmarks, I believe. I think that's about it for now. Yeah, I guess that's it. So this patch is still in common, so it hasn't been released yet, but yeah, there is a topic and agenda for it because yeah, I also wanted to discuss it. Maybe I'll be the agent so they call later, I'm not sure. Another change which happened in the project is about security content. So before that, Villino was security content, but there was some private conversations over past weeks, and we agreed to proceed with Joseph Patterson being security content. So we will have a discussion about what it implies later, but we have a meeting page. I'll probably share it later. You just need to find it. Villino will come with Joseph after the call to discuss next steps for that. But yeah, now if anyone submits issues to Jenkins configuration as code. Yeah, please. I find that there is a guideline how to report a security issue. And if you follow this guideline, you submit a private issue which will be a process and then the security contact. It's now Joseph will be able to process a decision and we as a security team schedule the new release together with the maintainers. So yeah, this is the new process. And yeah, probably we can discuss it more at the next meeting. But yeah, right now there are some action items we will follow up on this topic. Okay. So other topics is about JSOC. So you may have seen that there is an indication about the change of the project in the Jenkins developer mailing list. So we have UFA on the call. UFA is a student who was working on the external workspace management project. But here are some changes. It was agreed that he will proceed this configuration as code. Yeah, so yeah, this is the current project. You will still need to update the website. Sorry. Yeah, I don't know what you mean by updating the website. I thought it was the blogs. So you mean Jenkins.io. Yeah, that's it. Yeah, we will talk about it. So yeah, so if UFA passes the first evaluation which is scheduled to the next week, then there will be a work scheduled for Jcast plugin compatibility. And yeah, since UFA is on this call, maybe you would like to introduce yourself. Okay. Yeah, thanks everyone. Yeah, I'm here. UFA, I will introduce the reason why we gave up on the external workspace manager. And that's a kind of tough story. That's a little bit tough to say. And now I'm working on the Jcast and I've been going through the code base of Jcast these days. And honestly, it's a little bit difficult for me to find the internal logic of this plugin as it looks much more different than the other plugins. So there are a few points that I still don't understand by reading the code. So I might need some help with that. We can discuss it later when we go to this Jcast topic. Okay. Yeah, let's discuss a bit. But maybe you would like to introduce yourself, not the project. Me? Well, like, there is nothing much about myself. I'm a 30-year student in Simon Fraser University, Canada. And I was in Zhejiang University back in China. Now, I'm working a lot with clouds. So this is why I chose AWS. And also I'm working with some configuration as code tools like Terraform to provision our infrastructure. So the concept of CASC and Jenkins is like, it's like, they're not as stranger to me. So thanks everyone. We can have a good journey if I can pass the first coding purity evaluation, which is kind of... I'm not very confident right now as there is nothing... There's not many results there for me to show to the audience. So that's all thanks. Maybe we can discuss it later or maybe you should discuss it together with mentors. Okay. Yeah, let's... any other news we wish we are missing? Okay. So, yeah. Regarding project activities, sync up. So, yeah, we had several topics, but basically we need help with the... Yeah, then there is blacklisting reports. I also had a question about the sleep annotation indexer because I'm not sure what's the current relation for the project. It looks good. It looks forgotten about. Yeah, looks so. So, yeah, we could probably sync up on these stories and, yeah, if there is anything else outstanding, just add them to the bottom of the list. Yeah, it looks that configuration as code plugin itself, codebase is doing well. So, yeah, there are some changes like this one by team, but yeah, basically it's almost all changes which have been submitted are already integrated. Yeah, blacklisting of experts is already here. Okay. So, yeah, we can start from plug-in duplication engine. Joseph. Yeah. So, in talks with Daniel inside the PR, we can agree that it would be better to do a full implementation instead of the short-sighted one. And the short-sighted is to start labeling plugins as deprecated in a certain file on the update center. But we think it would be a better idea to do the same thing as we did for security warnings to implement a data structure that allows to also give reasons why something is deprecated or what is replacing the plug-in because usually some people plug-ins or it could be that it's deprecated. There's no exit containers or it's deprecated. There's no code that's doing anything anymore. I agree with what we should try and drive it as a chip. Yeah. So, write the readiness and then get us involved and then try and write out the chip. Yeah. So, yeah, this story unfolds a lot. Yeah. And if you're interested to implement this entire story. Well, it's great, I think. Yeah, I'm not sure. I think. Yeah, they use pieces in J-Task except for plug-in deprecation. Because Mike, the current implementation that we were suggesting was to, as I said to Mike, plug-ins as lit there were labeled them as deprecated. Okay. It's kind of limited in what you can do because what reason for it being deprecated. We are better to have the update center have the data that could then say, this is why I'm just doing the actions. We can improve the plug-in or the hint that maybe they have the uninstalled plug-in link. You can just get that and put the plug-in for you. Yeah. So. Okay. Well, it would be great if not. Yeah, I think that your configuration is called support plug-in. It's not indicated that people should stop using it. Yeah. But it has like 3000 installs. So we'll see how it props next month. Okay. Next month again. Well, unfortunately plug-ins in Jenkins do not tend to lose the installation number. Even plug-ins which have been deprecated for years are still growing the installation number sometimes, especially the different plug-ins. For JCASC, I hope it will be better. But yeah, there is a glorious adoption chart for anti-plug-in. Yeah, sounds really like 2019. Okay. And this is what we have. I hope that for JCASC plug-in it will be better. Okay. We understand. Yeah. Okay. Regarding blacklisting. Yeah. Anything else for that, Joseph? Nope. Mm-hmm. So for blacklisting, that just needs reviews, right? Yeah. Just to decide how far we want to take it. Currently I'm looking at the program supplying a file that contributes to it. Mm-hmm. I pulled in some of the code from JEP 200. I haven't pushed it. I haven't tested it yet. But so that changed their works for the specific instance we're trying to fix. You just see how it looks for other instances. Yeah. Mm-hmm. So at least one of the choke points here is about the file format. Because, yeah, so this is this long discussion. Yeah. Yeah. So yeah, main problem for JEP 200 is that JEP 200 was designed for, I feel, it hasn't been really designed for methods. But yeah, I'm not sure what would be the approach. We can just assume that we represent the field name, because EIJCASC exports string classifier anyway. But yeah, I guess it's the biggest problem. But if you have this engine, it would be really helpful for few developers. Yeah. It would be interesting to see how much use it would actually get. I'm not sure that it's something that common. Yeah, it's also a fair point. I'm not sure whether even just this would be enough or something slightly more than this. At least, I would say maybe we could improve it to have a rate list that you compare against the lack list. And then we can just improve it. If we need more, then we can look at adding the JEP 200. Yeah, right. Perhaps that's the simplest solution for now. They just extract it to a file? No, not even a file, I think. Just encode list of strings that you look for. There would be one string that you're looking for. Yeah, I might just do that, just to get this over the line, because it will unblock the testing around trips. Well, I guess it's only one of the obstacles there, but it would definitely help. So here, your JEP 200 implementation, you may see that it's mostly classes, but yeah, who knows. Whatever works for you there, and if you need any reviews, let's just try to do them in the pull request. Yeah, if you need knowledge transfer, for example, for how JEP 200 works, I can do it later. Maybe even at this call. I tracked it down eventually. I think I figured it out. No. Okay. Yeah, that's good. So yeah, let's hope that it plays out, and we already have some test automation. I think it should be fine. Yeah, it's covered in the test there. At least we're fixing that case. Yeah, thank you. Yeah, I had to test the JDK one, though, because it seems that by default, JDK will set my local machine, my Max path. So without configuring it, I couldn't test the other stuff I was having. Just a minor comment, sorry. In Jenkins, you can link issues by notations. So far, this engine basically does nothing after that. But presumably for the test annotated, at some point, we will be able to collect this data and to use it for some kind of metrics. Obviously not the top priority for Jenkins developer tools. But yeah, who knows. Okay, anything else on that? I don't think so. Yeah, and the last one was for Lupinotation indexer. I just raised it in the chat, because yeah, I just touched this library a while ago. This pull request itself looks good to me, but yeah, I was trying to track it down to whatever existing story. And yet, to be honest, I wasn't able to understand whether it's something still useful for jkask. I think for jkask, it's no longer useful. It was while we were having beta packages and trying to mark code as beta, as I reported. The main reason for it was you could blacklist everything and then just have one package API, just the public API. Yeah, right. It's useful, but... It is useful. Okay, not long needed for jkask, but still useful. Yeah, so maybe I'll see whether I'm able to land it. I think that it mostly depends on the feedback from Nikola. Okay. Any other pending changes which need attention? Okay. So, yeah, jkask plugin compatibility project. Oh, well, let's break it into two parts. The first one is what I'm doing right now. What I'm doing right now, just like Joseph said, just a review down the most recent pull request on external experience manager. And it looks like we still got a lot to fix, but anyway, we had some improvements on marketing spaces. So, the first one is external workspace manager and the second one is easy to factory, or I don't know what's happening there. Yeah, regarding external workspace manager, this is a request, right? Yes, but the Martin's branch is not working actually. They made something wrong, so I just like revert to it some previous commits and started from there. Okay. So, this is the new one, right? Yeah, this is a new one and now it can somehow work. I uploaded this HPI to my own Jenkins instance and now it can export the desired YAML file I wanted to export. So, this is ongoing, but I need to figure out what Joseph was saying about those. Yes, that's part of my job in the potential next few days and the easy to plug it. Yes, I've done refactoring. So, to me, the refactoring is breaking constructors to setters, but I've done refactoring on several clauses, but I wouldn't move on to the other clauses. The test just broke, the project cannot be viewed. So, there are some questions I need to ask, maybe Tim, maybe Oleg, maybe Joseph, like how the data constructor works. Like, there are some data constructors that is not... Yeah, maybe you want to share your spin and just show it to us? Yes. Okay, but there is some problem with my fonts. It's too small. Okay, you can just send the link to the port and I will screenshot for you then. Okay. Just send the link. I see we're going to... Yeah, it's too small. I don't know why. It's going to be like this. It's something in here. Okay. Font. I think one of the things you probably should start with is to duplicate the old constructors and remove the data bound and create the new constructor. That will probably help you, help not to have to rewrite all the tests. Yeah, so right now I don't follow the discussion because there is no pull request in the plugin. Yeah, I'm not sure what you should be showing. Actually, last week I asked in the jkask-gitter and I asked if there is any opening issues about EC2 and there is someone, I don't know who it is, but he just said he has done all closed out, all the related PRs about EC2 plugin and he said there is no remaining issues for EC2 plugin so that's why I asked, what's the job since everything is done? It was kind of confusing, but later I realized I didn't find the refactoring on this file. I didn't find it anywhere. Trust me, I went through all of the PRs. So there are some problems. For example, the most one is like, so there are some data-bound constructors they are not simply using this xxs equals xxs or they have some like judgments. I don't know how to break it into those forms. Is there any underlying mechanisms? Also, there is a file here, EC2 step. When I break this EC2 step into data-bound setters, the whole build just crashed. I don't know why. It's a simple constructor, but I don't know why the setter doesn't work here. But I can relive these questions later and publish them in the public email. So that's what I've been doing right now. So what you could do to make it a reviewer will, firstly, submit full request. I'm trying to find the discussion in the chat, but if I recall correctly, there was a question of what to do in jcask. I said that there is one ticket open. Yeah. The ticket for what? Yeah, right. So I noticed all of the measures. What else we can improve? Yeah, I just said that we already discussed it on Wednesday because your last Wednesday we had a meeting on the evening. We agreed that we already reviewed these full requests. At that point, you said that you would look at refactoring options because it was the only remaining ticket. Yeah. If you don't want to work on refactoring, it's fine. If you don't want to work on refactoring, it's also a setback. Okay, so some days then this goes to the plans. So here I list the plan. I've communicated with Joseph. So I went over almost all the issues and opening PRs about what I might do. So there are a sort of issues like supporting multiple sources to import the config.yaml file. So one is using this custom header, though Joseph told me to leave it a lot to not focus on it anymore. And he told me to focus on some downloading from GitHub and Branch. I think there is an open issue about it. It's somewhere near... Where is this? Is GitHub Branch soft or what? Yes, GitHub Branch. I think it should be somewhere around this one. So come to... No, it should be 200 and something. I think I included it in here. Joseph got to have a link here. Where? Here, I think it should be down here. Oh, you're sharing the screen because I didn't know that you shared the screen because you said... And again. Yes, that's why. GitHub Branch is a configuration source. So Joseph told me to work on this. So I'll take a look at the source code here. Wait a minute. Why did I just turn up so small? I have no idea. I've got to go now. Okay, thank you. So this is one thing I'm working on and there's also an AWS free... I'm not sure if there's any opening PRs but I don't think so. And it looks like everyone agree on this is a good point. And since I've had the experience working with AWS Java SDK I think this one together with the GitHub one might be a good point to start. So I took a look at the source code and then I found that the key point is here. By the way, the way we... Like the jcast configuration, the web UI is different from other plugins. It's read from the new source and then do something here. I think this is the entry point where people either put a string on the web. For example, let me see if I can use this here. So this is an entry point where the user put a URL and then the function goes to here and do something like using the YAML sources. Yeah, I take a look at the YAML sources where it's the YAML sources. This one, YAML sources here. I read all of the source code here so I found that maybe I need to add some new YAML readers. And this part of code is... There was a contributor who supports an authentication HTTP header. So this is part of code. But for me, if I want to make it work, maybe the web UI should be like this. So there is a heat row property. Like there is a drop-down menu. I can choose what kind of source I want to use. The ADVS-3 custom header HTTP code plus range or something like that. So basically it would imply having a configuration source as extension point in Jenkins with the ability to define it in plugins because we are likely want to have AWS client directly in the configuration code plugin. Yes, of course. Yeah, I think it's a valid goal and it would be a big story when it unfolds. What? For what to be done? Well, so the extension point itself is easier. When defining UI, it's also easy because it's just describable drop-down or whatever. So there are existing complementations which you can use. The real problem comes from the fact that you need to use this extension point in the code. So it's not only about UI. You also need to have an underlying project. You probably need to somehow be able to configure the source so that Jenkins is able to load the configuration on a startup from AWS because I don't think it makes sense to load it on a different web UI. Maybe Joseph could comment on that. It might be a pretty big story. Yes, the request, does the request require loading on startup from AWS? That was the idea that they wanted to load the demo configuration from AWS instead of one path. That would definitely require just plugging something that authenticates against it. Yes, so it means it would be an extension point. So JCask plug-in, firstly, would need to resolve URL and Cask Jenkins config value to understand which extension point to trigger. Then they will build this config loading logic which may also need refactoring because currently the whole logic is implemented around following. It definitely makes good factor but it would be a change. There is also currently another extension plug-in for JCask, for EC or AWS S3 Secrets, as I recall. Or I cannot remember if it's Secrets but it's definitely something with Secrets. Now I can't remember, of course. Yeah, so potentially it could be the same plug-in though you have to rename it already. But yeah, maybe having separate plug-ins is also okay. So we can leave that discussion in today's morning meeting. But before that I'd like to say I need some keys. I just transferred from the previous project to this one and so I never experienced any keys. Actually I didn't have any keys in the previous project though I required one, I think, but there was no time for Minus to give me a key. Which is kind of... Honestly, without keys it's hard for me to make prominent progress as I need to find out... I don't really need to read the documentations I need to find out where should I find this documentation. Yeah, maybe we could start from the beginning. For the previous project, have you requested knowledge transfers? Because what we can do as students is to send us a list of information we need to know to be successful on the project. Yes, but at the community bonding we had the meeting until the last week which is kind of... That means we're opinion students anyway. What do you mean? We're opinion students anyway, independent of the meeting. So... Yeah, if you found out about not having key keys in the previous project I would say it's not only a problem of mentors. Regarding key key for this project I agree with you that key key is something we need but in order to have key keys we need to understand what information you want to get. Again, there might be but I think there should be some key requests in the meetings but I don't know what's going to happen there. Yeah, so let's do it. I think that's all for my plan I've been figuring out all this stuff for these days. Okay, thank you. So I'll probably just make some notes and I would appreciate if other people also make notes here. Plans for the next steps. So G-Cask and the key tool configuration source. So yeah, I'm just trying to put what we had would involve and G-Cask for config sources then to factor in on the file project to implementation. Can you plug in this? Have I wrote it down correctly? I think so. So maybe it's something you need to think about so if you approach it in such a way think what information you need to be successful on delivering these section items and you probably would need the existing ticket and the required keys. So here I would just say that if you define a project is it fine museum? Yes, it's good. I've got to drop this. I have another call coming up soon. So see you in the fortnight. Okay, so I'll probably pink you later because we need to discuss the security stuff. Yeah, I got it. Okay, so yeah. Bye. So yeah, one topic which is left to our agenda is G-Cask test performance enhancement. We have this pull request which has been already integrated. So the story behind it we basically have a blog post which is almost ready to go about phase one. But yeah, basically there is the blog post inside and it includes the part about the G-Cask. Are you there on this call? Yeah, I'm here. The student working on the project. One question here is what would be the EP for the next release? So we could understand what we do about this blog post. What would be your take on that? Yeah, I don't know actually. Just go ahead and release it. I have no qualms about releasing right now. So your post, the main problem that current release doesn't really include any functional changes. I mean the only changes in the test framework. Oh, now we have easy to plug-in parameters deprecated. Oh, it's documentation. Yeah. Maybe we could add something. Yeah, because our main problem that if we cut the release now it's not a release for users. Which is probably okay, but it's a little over there. Well, what we could do is split it out. So before releasing, we split out the separate plugin for separate test framework. That could be an option. Yeah, maybe. But that would require more work. Well, I can probably do that. So you mean this everything on the MISC I guess should be out. Oh, this one. Okay, so if it helps to deliver this change I'm ready to take it. Then there would be at least a also a user-facing change, I guess. Well, this fucking user change. Yeah, maybe. Okay, so yeah, I can take it maybe a few days you would like to it's possible, but yeah it's not a part of your project goals, so yeah. Just default to take it. I'm not sure what has to be done here. Okay, then yeah, it's better than if I just take it because it's a long story. So maybe it's better if I just do it. So yeah, I'll take it. I'll try to deliver it maybe by tomorrow no commitment, but yeah, I'll try. Okay. Good. Sorry if this meeting took so long. Maybe we need to think how to optimize that. For example, no public request reviews or whatever. So maybe it's a question for you Joseph and the team if you feel that not useful for the meeting, we can just cut them. Okay, thanks. Okay, so yeah, then thanks everybody. I will stop the call if you Joseph could stay online for a second. Yeah, you can discuss some other bits. Thanks everybody.