 So welcome and good morning Today, I'd like to talk to you about Collin and Bravo Milo the LinkedIn heroes this talk will be mostly about Maintaining containers and making sure that they are following the best practices So let's start with the most important thing and that is why should we care? and that's best practices There are a lot of a lot of rules and practices that you should follow or you want to follow most of them that are written for example in Docker documentation There are something like your Docker files should contain from instruction should have a base image or There should be made to maintain your labor label and and so on so these are some some rules If you maintain Fedora containers, you should follow Fedora guidelines so there's another set of rules and also You you need to make sure that your containers are healthy so you need to take care that you your containers doesn't drink up too much memory or resources and You should not put secrets in your containers So as a container maintainer you might have a lot of things you have to have to think about and it might be hard for you if I have tense images To keep track of every one of them if they are nice or or not So that's why we at Redhead in your space containerization team We were thinking how to make it less painful how to how to improve the experience in maintaining containers and We were thinking about some some tool that would cover some part of the of their walls so what we needed was container linter and We created Collin so let me introduce to you Collin Collin is is a tool that is covering the So it is covering the best practices that are in Fedora or they are common for all images So it has a really nice CLI. I will show it to you in a demo It is it's just light white. It has some important things and it's really easy to use If you want Collin to be used in a CI and you like Python you can use Python API And as I said Colin Collin in its core contains rules for Fedora and for own images but in my opinion the strongest thing about Colin is that You can create your custom rule sets your custom set of rules that you want to apply for for a group of images if you have Some distribution or if you have a team You can you can create or your own rule set and like Run it against it run your containers against the rules that We at redhead we for example have two another rule sets one is for the best practices and it's run on thousands tons of thousands of images and another is It's smaller and it is actually gating some of the images So that's why we can do with that and I was talking about images, but Colin can also Lint Docker files and OS 3 Okay, so I was talking about rules and it might be not clear what is what is rule What is check when you when you talk with about in a calling namespace? so check is a Python Python class implementing the logic and it actually is the place where you Run the potman binary or or API It's the place where you run Docker file parser to to see the labels and so on and so on So that's it with the Python class. You also have metadata There's a description reference URL the URL should Point to the for example the federal guidelines or or the documentation the source where where the where the common rule is Is described and also some tax you can take your your Check that if it is required or optional for which target it is it can be used and so Okay, so we have the checks But we need to specify that I have for example the Fedora what checks are applied to Fedora and So so you create a rule set rule set is adjacent or YAML image. You can choose. It's really easy to use easy to write and you can There are some that there's the checks, but you may have some additional things that are not in a check you have a check that is checking check maintenance label and Default by default it is not required for example and You might want to make it required so you can add some additional data to the to the check so these are rule sets so I Maybe I'm boring you so I will now create a no Do a demo to show you Then I'm not lying Okay, so let's see the health health page first These are the things that you can do with Colin the check itself List some the information. So let's see No No Okay, as I said, there's Fedora and default rule set and let's see what is in the Fedora rule set how it looks like What did I do say, okay, this is it This is the rule set as I as I said, it's Jason file. There these are the names are the the pointers But they reference the the check which is in Python code So all these are optional in Fedora These checks maintain your label name label these are actually required in Fedora These three are required and applicable only to the profiles and so on so so But if you want to see how it looks like the check itself with the rule set and what's the what's the output We can list the checks Yes, and I didn't didn't add the the parameter that is for Fedora rule set. So now we see defaults checks And Actually, they point to Fedora guidelines And the docker docker Documentation, let's see if it's correct. Okay, here you can see that Yes, there are some labels some optional some required and You can believe that Collin is Telling the truth if I want to see checks for Fedora These are here Did the set is bigger? Larger yes, so let's see how it works Maybe you may notice that we use Podman not the docker file and if you want to know the reasons You can check the presentation from yesterday's about podman Yes, that should be explained explained there nicely. So we like podman now and So but I personally use docker now because I'm used to it. So I have some images and I want to these are local. They are not in on in docker hub yet But I want to make sure that they are okay. So Everyone calling Yes, and actually it is not found and that's because it should be in podman and And Yes, and we can see that who is not there, but the Stravomil is there So we can run check against drama milk first. First of all, I'd like to show how to how to Move image from docker to podman So you can use it? This is how we do it. I Hopefully did it yesterday. Yes, I did and okay It would to take longer if it wasn't done so let's make the Check out against drama milk. Okay, and we can see that it's not not so good There are some missing things But yes, they are failed failing, but I don't know why and I don't know why should I care so I can run it in verbose mode and And see the the the description some some some words about why is this important reference and Some logs from that that may be maybe present for example in this help file You can have help that one or read me MD. They are both no present So This was checking the images, but we can check also docker files Yes, and This is checking the docker files. You can see that the checks are not the same There are more checks for docker file for example, and they are a bit different than there is there is no Check for help page. You can you can see it yourself and I was I was talking about the Python API so calling can be run easily There this is this is the simpler one method just you call and then you get the result and you can take a pretty string from it or or Jason and do whatever it in it and This the last part of the demo is used by another hero and That is That is drama milk Okay So drama milk is a container that in its core contains Collin and it adds some and other things that Might be important. There are more is a member of our user confirm bot family and These these these bots are are there for you to to do the things you would do manually otherwise, so it should it should It should act a little bit as a human. That's why it has a human name and Well, what it does when there is a new new pull request on the on github drama milk will see that and It will trigger the calling runs and report the results in the pull request command So that's it. We have actually internal version of drama mail that is That that is doing so that has and other things in it Added so it can do blacklisting. It can do sending emails or sending messages to some message bus But Okay but moment at the moment we have open source only a smart part part of drama mail and it is not running anywhere as a service So it actually needs a lot of love So if you if you have the energy and if motivation you we are welcome to contribute It should be really easy because it's in python and and there are so many ways to improve that so What is there is that the drama mail runs in Open shift and is using salary for for for the triggering and for for recording the task it has to be used with who and who is actually another boat which is responsible responsible for for Listening to the events that are happening in the infrastructure and when some event happens who can catch that and run a trigger for force them send the task for drama and also Uho doesn't work only with drama mail, but it can trigger all sorts of boats so if you want to create your own boats you can use uho and It will it will work nicely actually yesterday. I was looking at our internal uho and I was I Found out that two months. Nobody touched it and it works. Okay, so that's how it should be um, okay, so enough talk Let's have another demo So let's see the uho and drama mail in action This is how the configuration looks like the first one is the topic on that message And the second one is the name of the salary task that should be triggered on the event on the topic So let's start it. It was pre-built. So now it's just listening to github and let's hope it will work the Okay So this is the drama meal and let's have some pull request for example in this in this repository and maybe notice that there was also to pick that Uho catches and it's pull request comment. So let's comment Okay, so Uho received the task it sent a task to drive a meal Drive a meal is actually already finished with the results Yes, so nobody but nobody looks at these locks. Let's see how it looks like in the in the pull request and yes, just few seconds and we have We have the results in past been So it's really usable a usable light white But I have written in the slides that you know just who hone it's to listen to fed message and Github by default doesn't send out events to fed message So you need to configure your repository to to make this for you. It is a web hook so It's done in in the settings But books and you can see that we have the github to fed message Web hook. You see this is how it looks like These are all the events that were sent It's really nice Okay, so that that should be all so I hope you liked it, so This is the here is now is the place for questions. Do you have any questions? Okay, there was a questions. What other other bots are members of the bot family and we actually have we actually have Solania, Solania is responsible for push automatic Automatic triggering of first crash builds on pull request So you can actually ride the wait see that the builds Passes or not even before pushing to this gate. We have Solania also does mass builds before updates Solania does builds automatic builds after Pushing to this github after the actual changes is there We have also Ferdinand that is responsible for updating back Zilla and responsible for updating The error Yes, I think I think they are all are there any other yes, no, okay, so this is it Yeah, and I think I forgotten I forgotten one thing and it's actually I've written in in the expected Questions and that's it that Collin is not a testing interface That's that's really really important if you want To test your images you can use Kono by test everything you need But there's a lot of things Collin should be runnable against a large group of images So that's what I wanted to say. Okay. Are there any other questions? Yes, right now only. Oh, yes. So the question was if Solania can do scratch builds on on rpms Or or just for containers the truth is that right now it can do scratch builds only with Containers, but we hope it will it will be in the future possible to do it also with rpms. Maybe Okay, another question Okay, if there are no questions now, but if you have the questions in the future you can definitely Create an issue in one of those repositories or even better. You can contribute. It's really really welcomed so Thank you for all your attention And have a nice day