5 Jun 2020 |
_hc | 1GB is the max site size | 19:00:43 |
cdesai | just adding files to a git repo could work too. | 19:00:49 |
_hc | yeah, there's a 10GB limit for git repos | 19:01:12 |
_hc | not easily viewable though | 19:01:22 |
_hc | so the max snippet size is 50MB! https://docs.gitlab.com/ee/administration/snippets/ | 19:02:16 |
cdesai | could compress the logs if put in the git repo | 19:02:34 |
_hc | I agree it would be nice to have the build logs in gitlab-ci, but it seems we would have to give up so much to have that | 19:02:52 |
_hc | snippets are easy to post via the API | 19:03:16 |
_hc | one liner with curl , or very simple in python | 19:03:26 |
_hc | oh 50MB is the default size, I wonder what gitlab.com uses | 19:04:08 |
Bubu | In reply to @freenode_cdesai:matrix.org you don't have a central resource with ssh access to your infra. gitlab ci coordinator don't have access to your infra | 19:05:12 |
Bubu | the runner polls for jobs | 19:05:24 |
Bubu | and executes them in docker containers | 19:05:32 |
_hc | gitlab.com could feed arbitrary jobs to your runner | 19:05:54 |
Bubu | yes | 19:06:06 |
Bubu | but gitlab.com already has full project acess across the board | 19:06:35 |
Bubu | the runner isn't doing anything else | 19:06:41 |
Bubu | We can host our own gitlab | 19:07:24 |
_hc | right except for they cannot add commits to master, then remove them without anyone being able to notice | 19:07:37 |
_hc | git gives us that | 19:07:46 |
Bubu | It's pretty easy, but the network effect of eveyone having to sign up there is super bad :( | 19:07:53 |
cdesai | it'd also be an additional thing to maintain / admin / update | 19:08:16 |
Bubu | In reply to @eighthave:matrix.org right except for they cannot add commits to master, then remove them without anyone being able to notice It sure can? | 19:08:43 |
_hc | I would not like to have to defend a gitlab box like that | 19:08:49 |
_hc | so like push commit with exploit, then remove it to hide tracks | 19:12:46 |
_hc | if no one downloads it, then yes, they can | 19:12:47 |
_hc | gitlab.com could send a job to a runner without any log of it or public record. only the runner would see it. if its an exploit, then they remove the trace of that job from the runner | 19:12:48 |
_hc | that's standard exploit practice | 19:12:49 |
_hc | that just gave me an idea: we should have a box that just constantly mirrors master on all our git repos as a monitor | 19:12:50 |
_hc | if expploiter pushes a commit to master, then someone downloads it, then the exploiter cannot make that commit go away | 19:13:05 |