# September 28th 2021 # Cloud Custodian (C7n) Community Meeting Minutes ###### tags: `Meeting` :::info - **Meeting URL:** [meet.google.com/mii-evqh-esh](meet.google.com/mii-evqh-esh) - **Date:** September 28thth, 2021 (2:00 PM (ET) / 11:00 PM (PT) / 6PM (UTC)) - **[Timezone Converter (Click me)](https://www.timeanddate.com/worldclock/converter.html?iso=20210629T180000&p1=tz_et&p2=tz_pt&p3=22&p4=240&p5=136&p6=176&p7=37&p8=248)** - **Host:** Jorge Castro - - **Meeting Contact:** Jorge: <jorge@stacklet.io> - **Permalink:** - **Video Link:** - **Board**: [Community Board](https://github.com/cloud-custodian/community/projects/1) - **Participants:** ::: ## Agenda Items - Introductions and Announcements [@castrojo]`5m` - Agenda Items `15m` - Governance as Code Day is coming! - [Register now](https://hopin.com/events/governance-as-code-day-with-cloud-custodian-hosted-by-stacklet) to attend - :new: [Schedule now available!](https://hopin.com/events/governance-as-code-day-with-cloud-custodian-hosted-by-stacklet#schedule) - **Reminder: You do not need to be registered to KubeCon to attend!** - Regular weekly doc sprints sessions [@liz-acosta] - [Agenda](https://hackmd.io/Tex0egW4R96EWmS7zRIHtg) - Review and edit documentation for server side filters [liz/AJ] For more context: - https://github.com/cloud-custodian/cloud-custodian/issues/6874 - Kapil working on getting CI down under 2 minutes. - We're sitting at around ~10m now - Will unify the matrix for Mac/Linux/Windows - Outlier: Should move docker build to be async, we should not build it unless there's been a change to the docker image. - Outlier: Doc builds too, need to look at an update into Sphinx, generally that hasn't helped. Upstream has been great responding to our issues when we report them. - [Documentation .html differs from .rst source #6890](https://github.com/cloud-custodian/cloud-custodian/issues/6890) - fixed - We need ARM64 support for graviton and co. - Star/comment [here](https://github.com/cloud-custodian/cloud-custodian/issues/6102) if it's important to you so we can incorporate feedback - Should we sign the docker images while we're at it? - Docker's notary v1 tied to the registry it's on - v2 has been in progress - SIG Store's cosign - usable, simple, just don't built into our workflow and the signature is a sidecar, so we can bring it with us when the image moves. - Lots of moving parts, providers, we don't want to add complexity/security surface without a good security review/time invested. - Some challenges related to AWS credentials in GitHub Actions are being addressed via [OIDC federation](https://github.com/github/roadmap/issues/249) - Nightly functional builds not available to the wider community, but that exposes cloud account in the build logs. - Finding the right prioritization is the main question, moving to poetry has helped us do additional validation for our supply chain security via sha-265 checksums, so if we got a malicious package via pypi in our CI we would be ok. - CNCF EasyCLA bot: Kapil: UX not well suited to our purpose, consider switching to [CLAbot](https://github.com/cla-assistant/cla-assistant) or switch to DCO. - Jorge joined channel in CNCF, going to actively engage with other maintainers - [New Events page with calendar](https://cloudcustodian.io) - :new: Make-gitter-easier [@castrojo] - New element release, kicking the tyres - :new: Documentation for server-side filters - [@liz-acosta] spoke with AJ for further clarification - Think it would be good to tackle in this week's Doc Sprint - For reference: In [Issue #6874](https://github.com/cloud-custodian/cloud-custodian/issues/6874) it was noted that it may be helpful to document policy `query` block/server-side filters. However, c7n does not support server-side filters for _all_ resources, so a primary consideration for documentating them is how to do so without adding confusion/misunderstanding, how to make documentation the _most_ useful. - :new: Tip o' the day: [/tools/dev/changelog.py](https://github.com/cloud-custodian/cloud-custodian/blob/master/tools/dev/changelog.py) :house: Events - Upcoming Cloud Custodian Days (Resuming in November!) - [Workshop (for beginners)](https://app.livestorm.co/stacklet-io/cloud-custodian-101-workshop?type=detailed) - Pull Request Party `15m` - Spare/Extra time will be dedicated to PR reviews. (See below) :mag: PR/Issue Review --- - :new: [Releng - switch off drone to github actions for docs build #6786 ](https://github.com/cloud-custodian/cloud-custodian/issues/6786) :books: Backlog --- - Contributor Guide [@liz-acosta] - https://cloudcustodian.io/docs/contribute.html - Should we make a video for local dev environment? - Priority backlog for the cloud providers. [@kapilt] - Enhancements/Feature Process [@kapilt] - Rename master->main in github [@kapilt] - https://github.com/github/renaming#renaming-existing-branches - GitHub how supports this, we can try this now. - afaict it's low risk, I'll keep investigating. - No progress this week, kapil will sanity check it this week if he can. - Make-gitter-easier [@castrojo] - More to report in the future. - Todd: drone.io just recently switched from gitter to slack and introduced a proposal github repo for this same problem set: https://github.com/drone/proposal - Recommend [pipx](https://pypa.github.io/pipx/) for non-contributor installs? [@ajkerrigan] - Do we [support brew](https://formulae.brew.sh/formula/c7n)? - Version is old, should we consider updating that? - Jorge to file an issue, see if there's a volunteer person who's into this. - Policy Testing ([spec](https://github.com/cloud-custodian/cloud-custodian/issues/6407)) [@marcoceppi] - Soliciting feedback, please check it out and comment on the issue! :closed_book: Action Items -- ## Chat Logs No chat today!