Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Apr 20 19:29
    CaselIT locked #1909
  • Apr 20 19:29
    CaselIT closed #1909
  • Apr 20 19:29
    CaselIT commented #1909
  • Apr 20 09:39
    open-collective-bot[bot] commented #1909
  • Apr 20 09:39
    lokeish opened #1909
  • Apr 20 07:51
    vytas7 edited #1908
  • Apr 20 07:44
    vytas7 edited #1908
  • Apr 20 07:43
    vytas7 edited #1908
  • Apr 20 07:41
    vytas7 edited #1908
  • Apr 20 07:31
    vytas7 milestoned #1908
  • Apr 20 07:31
    vytas7 labeled #1908
  • Apr 20 07:31
    vytas7 opened #1908
  • Apr 14 17:59
    vytas7 commented #1895
  • Apr 14 17:57
    vytas7 commented #1895
  • Apr 14 17:57
    vytas7 commented #1895
  • Apr 14 07:07
    vytas7 commented #740
  • Apr 13 14:37
    rwagnergit commented #740
  • Apr 12 19:29
    kgriffs milestoned #1895
  • Apr 12 18:26
    CaselIT commented #1899
  • Apr 12 18:17

    kgriffs on master

    fix(api_helpers): re-add falcon… (compare)

Vytautas Liuolia
@vytas7
I'm surprised the recent CalVer trend hasn't evolved to continuous deployment to PyPI yet. One could do CalVer including minutes, and push to PyPI upon every commit. :smiling_imp:
Federico Caselli
@CaselIT

I'm surprised the recent CalVer trend hasn't evolved to continuous deployment to PyPI yet. One could do CalVer including minutes, and push to PyPI upon every commit. :smiling_imp:

we could pioneer these brilliant ideas with falcon 😂

btw I would use epoch time for the version :)
Vytautas Liuolia
@vytas7
You're right; for high throughput projects, minute resolution might be limiting.
Kurt Griffiths
@kgriffs
lol
Federico Caselli
@CaselIT

You're right; for high throughput projects, minute resolution might be limiting.

you gotta future proof your CD workflow 😎

Federico Caselli
@CaselIT
another day, another round of dependabot pr
I wonder if we could set the frequency, like "only bother me twice a month"
Vytautas Liuolia
@vytas7
Yeah, it's not reasonable to deal with so much frontend when all we have is a largely static website.
Maybe we could just leave those PRs open?
https://docs.github.com/en/code-security/supply-chain-security/about-dependabot-version-updates#frequency-of-dependabot-pull-requests
There is a monthly option, plus we could set the number to something low, like 2, (if not already at 2).
Vytautas Liuolia
@vytas7
Otherwise it feels that the number of some-random-webpack-oneliner-tools is unbound :slight_smile:
Federico Caselli
@CaselIT
We all waiting for a next version of JavaScript that allows for one-word packages 😂
```js
Kurt Griffiths
@kgriffs
such is the nature of the node/npm ecosystem. zillions of dependencies!
Kurt Griffiths
@kgriffs
https://youtu.be/FyCYva9DhsI?list=PLv1y9jQoGsCguZj_0CwhPDss38-Wlao54&t=378
Vytautas Liuolia
@vytas7
Lol @kgriffs you're a master at distractions
vytas7 @vytas7 is watching through the FizzBuzz part of that video
Vytautas Liuolia
@vytas7
:laughing: https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpriseEdition

All roads lead to Stack Overflow

lol

Vytautas Liuolia
@vytas7
Homeopathic naming
in Java :slight_smile:
Federico Caselli
@CaselIT

https://docs.github.com/en/code-security/supply-chain-security/about-dependabot-version-updates#frequency-of-dependabot-pull-requests

thanks I've set it monthly

Vytautas Liuolia
@vytas7
:thumbsup:
Had we been a FE project, I would understand mote focus on this, but now it's just a distraction.
More focus**
Federico Caselli
@CaselIT
btw there seem to be a wheel version for arm osx. see https://pypi.org/project/orjson/#files that published them as universal2 wheels
Vytautas Liuolia
@vytas7
Feel free to add notes to falconry/falcon#1899 @CaselIT. I know little about Apple Silicon.
@kgriffs Have you had a chance to take a look at falconry/falcon#1904 ?
Federico Caselli
@CaselIT
shall we release .0.1?
Kurt Griffiths
@kgriffs
Things have been suspiciously quiet. I was waiting to see if there were any other issues we missed out of the gate.
Federico Caselli
@CaselIT
yes. makes sense.
Kurt Griffiths
@kgriffs
But I guess we can go ahead and do 3.0.1 maybe in a few days.
Federico Caselli
@CaselIT
I think we could release in the we of nothing else comes up. at worst we can do a .2. Releases are free :)
Kurt Griffiths
@kgriffs
true
I won't have time today but maybe tomorrow or wed. we can release it
Federico Caselli
@CaselIT
no rush, it wasn't like anything major
Kurt Griffiths
@kgriffs
Sorry, I've been slammed this week...let's shoot for Monday to do 3.0.1. We also need to update the benchmarks on the website at some point.
Federico Caselli
@CaselIT
No pressure in my part
Kurt Griffiths
@kgriffs
I got an email about this: https://about.codecov.io/security-update
We better check into it.
Federico Caselli
@CaselIT
Me too.
Vytautas Liuolia
@vytas7
Same here, I was thinking to check it but haven't got to it yet.
Just at a first glance, it shouldn't be an issue since we are only using some sort of automatic machinery for public repos, we don't give them anything.
Federico Caselli
@CaselIT
Yes, coverage is not used in wheel release pipeline. Still maybe chaning the pypi token would not hurt
Vytautas Liuolia
@vytas7
The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.
Heh, I remember I was speculating about Docker images used to build wheels from a very similar perspective.
@CaselIT And yes, you are right. We ought to rotate PyPi tokens.
The good ol' pipe envvars to a third party server trick :grimacing:
Federico Caselli
@CaselIT

Heh, I remember I was speculating about Docker images used to build wheels from a very similar perspective.

yes, but in out case we don't pass anything private to the images:

/usr/bin/docker run --name e45ff1ecb15b9146b78204be2e7e59cbc3_adac22 --label 5588e4 --workdir /github/workspace --rm -e PYTHONNOUSERSITE -e INPUT_PYTHON-VERSIONS -e INPUT_BUILD-REQUIREMENTS -e INPUT_PIP-WHEEL-ARGS -e INPUT_SYSTEM-PACKAGES -e INPUT_PRE-BUILD-COMMAND -e INPUT_PACKAGE-PATH -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/falcon/falcon":"/github/workspace" 5588e4:5ff1ecb15b9146b78204be2e7e59cbc3  "cp35-cp35m" "setuptools>=44 wheel>=0.34 cython>=0.29.21" "" "" "" "-w ./dist --no-use-pep517 -v --no-deps"

no secret there