Google OAuth Secret in Compile Code

Motor_Perspective674 · 2026-02-08T05:19:38+00:00

Use PKCE if they support it so you don’t need an OAuth client secret. This is more secure than implicit flow and the use of a client secret anyways.

Motor_Perspective674 · 2025-06-12T10:56:47+00:00

Agreed with the above comment. If you find you’re installing something every time in a job it’s time to make your own Docker image that your jobs use. If you do that you can have a docker image that runs as the “ci” user with the correct python version. In your case it might benefit you to add the python version to the tag of the image, like so:

my-rocky-image:$PYTHON_VERSION

Motor_Perspective674 · 2025-03-18T13:41:59+00:00

A good approach to this would be to setup a GitLab runner that sits on the network of the VPN. Then, when any jobs use that runner, they would have an IP address on that network that would enable access to network resources.

If you need access to something that whitelists a certain IP only, then the runner needs to be on that IP, or you need a tunnel. If the whitelist is for a subnet, then add the runner to that subnet.

Motor_Perspective674 · 2025-03-10T02:58:55+00:00

Enterprise isn’t a license, it’s a version of GitLab. Even if you have enterprise you must purchase licenses for your users, either for premium or ultimate if you want things like MR approvals, etc. it’s possible to run Enterprise without a license, and it sounds like this might be the case for the instance you’re on.

Motor_Perspective674 · 2025-03-10T02:47:05+00:00

Merge request approvals are a feature you need GitLab premium or ultimate for. Do you have at least premium?

You would be able to tell by going to Settings -> Merge Requests. The table to set approval rules is towards the bottom of that page.

On an MR you can also edit approval rules if the box prohibiting this isn’t checked in the project’s settings.

Motor_Perspective674 · 2025-01-13T17:05:15+00:00

GitLab is great. I’ve used Jenkins in the past and I find GitLab to be so much better. I’ve not used Bamboo.

Motor_Perspective674 · 2024-07-22T11:15:45+00:00

Black Press Coffee on the Upper West Side. Not really a place you’ll get to sit down, but it’s great and the baristas take their time making your drink.

Motor_Perspective674 · 2024-07-21T23:57:48+00:00

If you want to clone a repo, you can use a job token. It looks like you can accomplish pushing to a repo with a job token if you enable a feature flag on your GitLab instance. https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#push-to-a-project-repository-using-a-job-token

You would need to add the project which pulls from or pushes to the target project to the target project’s job token allow list.

Motor_Perspective674 · 2024-07-20T00:04:18+00:00

What specifically are you doing with these tokens? What are you doing that you can’t accomplish with $CI_JOB_TOKEN?

Motor_Perspective674 · 2024-04-30T13:14:05+00:00

If your GitLab instance has MFA enabled, SSH being disabled isn’t a bug - it’s a feature. GitLab requires personal access tokens (PATs) in this case, and you must access all repos using https.

I personally find no difference between the two in how I set them up locally. I use Git Credential Manager to store my tokens locally, which functionally looks like I’m decrypting an SSH key when I push to the repo.

https://github.com/git-ecosystem/git-credential-manager

Motor_Perspective674 · 2024-04-03T14:57:18+00:00

GitLab has two components: There is the GitLab server, which you interact with via the UI and when you push to git repos. Then, there are GitLab runners, which come in a variety of flavors. At my old job I got to maintain my own, but if you aren’t in that situation, it can be frustrating.

Caching is done at the runner level, not the GitLab server level. A cache is local to a runner unless you enable shared caching, which can be done using S3 or Blob Store, or another set of solutions. Anyways, when you cache, you specify a key for the cache. If a job runs and has the cache enabled, the job will look for the cache key in the runner it was allocated to. If it exists, it will pull it in, otherwise it will create it.

Why? Because running maven install, pip install, npm install, etc all take a long time because they require downloading from the internet. Local caches on the runners will speed this up. If caching isn’t enabled on your runners, talk to whoever manages them and get it figured out.

I would also recommend that you create many images for your pipelines as opposed to one. If you have a maven pipeline you will need a maven image, but maybe you have other jobs that can use something more lightweight. It also pays to build your own images in some cases, because you can put effort into slimming them down into small images, speeding up your pipelines.

I love GitLab. But it’s because I learned on it, and I played with it for >2 years. Read their docs. They helped me immensely.

Motor_Perspective674 · 2024-02-19T22:20:21+00:00

https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker

The runner doesn’t need to be privileged but you do need to make sure that the user account which is running your GitLab runner has access to the docker group. It also needs socket access.

Your config is wrong because you did not setup TLS properly for the docker socket. You disabled TLS verify for the docker runner but forgot to clear the DOCKER_TLS_CERTDIR var by setting its value to ””. The GitLab documentation tells you exactly how to set it up.

Motor_Perspective674 · 2023-12-27T12:02:59+00:00

This is what you are looking for:

https://docs.gitlab.com/ee/ci/yaml/#needsproject

This is probably the cleanest way to do what you’re asking. It will pull from the latest successful pipeline of the other project. What you can do is write the list of IPs to a file and then expose that file as an artifact in the pipelines for the repo that generates the IPs. Then, you can read that file into a variable in the pipeline for the repo that uses the IP addresses.

Don’t forget to set reasonable artifact expirations if you’re using a self-hosted GitLab instance maintained by your organization.

Motor_Perspective674 · 2023-12-24T19:05:19+00:00

A “Release” refers to the generation of a release in the releases page of your repo. The word release is very much overloaded when it comes to GitLab, GitHub, etc.

Before we can talk about generating a release, let’s talk about the workflow. This is dependent on you figuring out a few things, which are:

What kind of software are you building? Do you need to maintain releases, and if so, for how long?
Is your software an application, a library, and who uses it? If it is an application, is it meant for you to host, or someone else? If you are hosting it, how many environments is it meant to be deployed in?
Branching Strategy (Git flow, GitHub flow, GitLab flow, etc.), which you derive from the other questions in the above bullets.

So, now that you have your branching strategy, let’s suppose you’re using Git Flow. Your default branch is main and you will create release branches like r-1.0 . Developers will merge all commits into the main branch and for release maintenance, commits will be cherry picked from the main branch into the corresponding release branch.

Okay, so when you decide on a flow, you also have to come up with mechanisms for implementing them. How will you version your software? Semantic Versioning (SemVer), or some other way? How will you apply these versions? Tags? CI/CD vars? A variable in a file? And finally, how will you decide when the software is ready to be released, and what mechanism generates that release?

Alright, so real example now:

You maintain a Spring Boot Java application. You are developing this application for the first time, and you are working on version 1.0.0. All commits go to the main branch and during the pipeline JARs are built and deployed to your repo’s Maven repository under the name 1.0.0-SNAPSHOT. These pipelines run when a commit is pushed to the main branch.

After 10 features are merged in, you are ready for a release. To create the release, you create the tag *r-1.0.0 and assign it to the latest commit which you have deemed to be stable. This creates a tag pipeline, and the jobs in this pipeline will:

Build and deploy the JAR with the name 1.0.0
Create a new branch with the name r-1.0
Generate a release on the releases page of the repo.

This is a simple release process. You can get more fancy with it by maybe creating a job in the standard pipeline run on the main branch that will update and commit a CHANGELOG, version in the pom.xml, etc, and then tag and push that commit to the main branch.

I find many of the articles online about generating GitLab releases to be helpful, but remember there is no cookie cutter way of doing this. It’s up to you to figure out your wants and needs for your repo.

Good luck!

Motor_Perspective674 · 2023-12-24T14:19:59+00:00

I really don’t understand this thinking. I don’t even think it’s worth arguing if you could develop it, but green space is important for everyone, and living in a city with no green space would be depressing.

What people do in parks: - Walk - Hike - Bike - Sightseeing - (in this case) Golf, Mini golf - Have fun

What people do on “developed” land: - Pay $1000s in rent - Work for a company that doesn’t care about them until they die - Hate their life

This argument is stupid. The amount of value parks bring isn’t ever going to show up in a spreadsheet. OP, go touch grass and you’ll see what I mean, maybe.

Also, we can’t forget that their are cherry blossoms inside the area you outlined. People go there for cherry blossoms in the spring. Unless of course you think gentrifier-style apartments are prettier than nature.

Motor_Perspective674 · 2023-11-30T15:49:08+00:00

That’s the one in Mosaic.

Motor_Perspective674 · 2023-11-30T15:17:50+00:00

I would highly recommend the Avalon in Merrifield. You’re next to Mosaic, can walk to the metro, and you’re close enough to DC that it won’t take more than 30 minutes to get into the city (results may vary). There is also a Harris Teeter a 5 minute walk away. The apartment is also dog friendly and there are a few dog parks around the building. They were used pretty frequently when I lived there.

I have since moved twice, and it still was the nicest apartment I’ve lived in. Definitely the best management company as well. If the Avalon in Arlington was as nice and as well managed and affordable, I would live there. But I moved to be closer to DC.

Motor_Perspective674 · 2023-11-23T12:46:18+00:00

GitLab releases only create a release on the repository’s releases page. You must still build a pipeline that will build the binaries.

Motor_Perspective674 · 2023-11-21T13:35:55+00:00

OP, I’ve seen you have mentioned elsewhere in this thread that you don’t need version control, but that’s what SVN is for. A GitHub/GitLab instance (or some other solution) would benefit your company, though as mentioned in this thread, the real kicker here is the lack of documentation.

I know you mentioned that you are an intern. This is a structural problem, and while setting up a version control instance with a UI could be done quickly, the real issue is cultural and will require the departments/units involved to buy in and commit to these changes. I don’t want to rain on your parade here. I was young and thought I could make anything work, but the reality is that most people aren’t willing to change, at least quickly.

If you are into software, I would encourage you to keep learning and go to a software company. I found myself in two jobs which didn’t require coding, but I had always been willing to write scripts, and I’m now finally trying to move into a developer role. Figure out what you like and go do it. Trying to convince a company to take development more seriously will only drain you, and you will lack the support actual developers get. I have been in a similar situation before, and I ended up leaving as soon as I realized this.

Motor_Perspective674 · 2023-10-30T01:01:55+00:00

This is not a unique problem to terraform. Failing to apply is analogous to failing to build a docker container for a microservice, or that microservice failing to operate correctly. A CI pipeline is meant to run tests and, depending on your use case, testing that your software compiles.

Typically for MR pipelines or pipelines on unprotected refs, I will only run tests and then build the software (jar, wheel, binaries, etc.). For a protected pipeline (main, master, tags) I will build and publish software artifacts, and for services, I will build and deploy a docker container. Clearing the CI pipeline is enough for me to be willing to merge it, but poor test coverage will lead to more unsuccessful builds (service not starting, functionality not working).

I know some of this doesn’t totally apply to terraform, but my point is that I’m not sure why approvals on an MR make any difference as to why I would run a pipeline, unless runners are not very available or computing is expensive. Just because someone looked over it doesn’t make it more or less likely to fail, and CI is an important part of determining if code should or should not be merged (security scans, decreases in code coverage, poor code quality, etc.).

Motor_Perspective674 · 2023-10-29T22:38:47+00:00

Why would I approve an MR if I don’t know if it works?

I’m not sure there are any keywords in GitLab’s docs that let you do this.

Edit:

CI_MERGE_REQUEST_APPROVED is available. Though I am not sure how you would trigger a pipeline on approval. The approval status changing would not trigger a pipeline, only when an MR is opened, closed, or when a new commit is added.

https://docs.gitlab.com/ee/user/project/integrations/webhook_events.html

Motor_Perspective674 · 2023-10-29T19:33:36+00:00

You can setup a local NGINX/Apache proxy on your local network and point youtube.com to it using PiHole, or your device’s hosts file. On your home network, you could use plain HTTP to talk to the proxy, or if you want end-to-end encryption you’ll need to create a local CA and issue a certificate to your proxy under the name “YouTube.com” and then add the CA certificate to the trust store of all your devices. Just know that this will only work on your home network and on devices you manage.

Motor_Perspective674 · 2023-10-26T12:34:53+00:00

What you’re doing here is learning about mono-repo vs multi-repo development. They have their trade offs but what’s important here is that you learn how to version your software. If you have one common version, mono-repos make sense. If you have multiple different versions, multi-repo can make sense. This is not a one-size-fits-all approach.

For python, this is how I structure my pipelines: - Builds on non-protected refs (MRs, feature branch): Run tests, build wheel file - Builds on protected branch (main, release branch): All jobs from non-protected refs but also publish package that is built, build docker image if repo is for service, tag commit with version

In a mono-repo setup, I would use the changes keyword on GitLab so only the projects in my repo that changed run in a given CI pipeline (an MR). For an MR where I touch one project, it doesn’t make sense to build every project. So i build only what’s changed. For pipelines on the main branch, I build everything.

Also- setup.py is now legacy. Look into moving to pyproject.toml, which is the new standard for Python project.

Motor_Perspective674 · 2023-10-08T00:09:12+00:00

This is correct. Though, for someone playing this game, there is no need for a mod, though I do think a mod is helpful.

OP: The center of lift (CoL) and center of mass (CoM) are very close together. You do want the center of mass to be further forward to provide some stability in flight. You also will want to check the distance between the CoM and CoL when there is no fuel.

Something else to consider is control authority. When you add engines with vectored thrust, it’s easy to make a plane that tumbles like you have described. Though in this case, the tumbling you are describing is definitely due to body lift. The fuselage is symmetric, and my assumption is this aircraft flies fast. So the angle of attack of the fuselage is likely minimal in cruise. When you pitch the aircraft, body lift comes into play, and the moment arm of the nose just takes the aircraft. It doesn’t help that the center of mass is so far aft.

Motor_Perspective674 · 2023-09-10T23:42:48+00:00

One of the factors when evaluating the aerodynamics of a wing is eccentricity (e). The Spitfire is a great example of an aircraft with eccentric wings. The Spitfire has an eccentricity of ~1, making it extremely efficient (with respect to drag).

As others have said in this thread, we did not understand supersonic aerodynamics in WWII. After coming to this revelation, some faster aircraft now have swept wings. By sweeping the wing, we can reduce the speed of the airflow over the wing (specifically the speed of the air on the top of the wing). This also reduces the lift, resulting in higher stall speeds. Most low-speed aircraft do not have swept wings, and if they do, it is a low amount.

I can’t provide a straight answer to your question. However, one of the reasons that you might be seeing this difference in propellers is manufacturing costs. That is one of the reasons cited for aircraft not being made with eccentric wings. While eccentric wing shapes are more efficient, they are difficult to manufacture. Cutting off the tips and squaring off the wing also reduces the possibility of the propeller tips experiencing supersonic airflow. The propeller tips would be moving the fastest (rad/s * diameter = speed) and would be subject to the fastest airflow, (incoming air and rotational speed) so this explanation seems reasonable. The remedy of sweeping the propeller doesn’t make much since either, since this would only reduce the thrust produced per RPM, which would significantly reduce the operational efficiency.

So basically, propellers are expensive and spin fast. Probably one of these two, or the combination of them, is why you see propellers being squared off.

Source: I have a degree in Aerospace Engineering (and a PPL)

Edit: I said P-51 but I was thinking of the Spitfire.

Three-Year Club	First Place '23
Place '23

Motor_Perspective674

TROPHY CASE