[oslo][requirements] Bandit Strategy

Ben Nemec openstack at nemebean.com
Thu May 16 15:28:03 UTC 2019

On 5/16/19 4:29 AM, Herve Beraud wrote:
> Hello,
> To help us to be more reactive on similar issues related to requirements 
> who drop python 2 (the sphinx use case)
> I've submit a patch https://review.opendev.org/659289 to schedule 
> "check-requirements" daily.
> Normally with that if openstack/requirements add somes changes who risk 
> to break our CI we will be informed quickly by this periodical job.
> I guess we will facing a many similar issues in the next month due to 
> the python 2.7 final countdown and libs who will drop python 2.7 support.
> For the moment only submit my patch on oslo.log, but if it work, in a 
> second time, we can copy it to all the oslo projects.
> I'm not a zuul expert and I don't know if my patch is correct or not, so 
> please feel free to review it and to put comments to let me know how to 
> proceed with periodic jobs.
> Also oslo core could check daily the result of this job to know if 
> actions are needed and inform team via the ML or something like that in 
> fix the issue efficiently.

This is generally the problem with periodic jobs. People don't pay 
attention to them so issues still don't get noticed until they start 
breaking live patches. As I said in IRC, if you're willing to commit to 
checking the periodic jobs daily I'm okay with adding them.

I know when dims was PTL he had nightly jobs running on all of the Oslo 
repos, but I think that was in his own private infra so I don't know 
that we could reuse what he had.

> Thoughts?
> Yours Hervé.
> Le jeu. 16 mai 2019 à 07:44, Tony Breeds <tony at bakeyournoodle.com 
> <mailto:tony at bakeyournoodle.com>> a écrit :
>     On Tue, May 14, 2019 at 11:09:26AM -0400, Zane Bitter wrote:
>      > It's breaking the whole world and I'm actually not sure there's a
>     good
>      > reason for it. Who cares if sphinx 2.0 doesn't run on Python 2.7
>     when we set
>      > and achieved a goal in Stein to only run docs jobs under Python
>     3? It's
>      > unavoidable for stable/rocky and earlier but it seems like the
>     pain on
>      > master is not necessary.
>     While we support python2 *anywhere* we need to do this.  The current
>     tools (both ours and the broader python ecosystem) need to have these
>     markers.
>     I apologise that we managed to mess this up we're looking at how we can
>     avoid this in the future but we don't really get any kinda of signals
>     about $library dropping support for $python_version.  The py2 things is
>     more visible than a py3 minor release but they're broadly the same thing
>     Yours Tony.
> -- 
> Hervé Beraud
> Senior Software Engineer
> Red Hat - Openstack Oslo
> irc: hberaud
> Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+
> RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP
> F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G
> 5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g
> glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw
> m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ
> hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0
> qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y
> B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O
> v6rDpkeNksZ9fFSyoY2o
> =ECSj

More information about the openstack-discuss mailing list