Publish log entry

1 files changed, 277 insertions, 0 deletions

diff --git a/blog/2018/09/11/planning_meeting_iteration_29.mdwn b/blog/2018/09/11/planning_meeting_iteration_29.mdwn
new file mode 100644
index 0000000..fe1f432
--- /dev/null
+++ b/blog/2018/09/11/planning_meeting_iteration_29.mdwn
@@ -0,0 +1,277 @@
+[[!meta title="Planning meeting (iteration 29)"]]
+[[!tag draft meeting]]
+[[!meta date="2018-09-11 10:14"]]
+[[!meta author="liw"]]
+
+THIS IS A DRAFT
+
+People
+=============================================================================
+
+* [[people/liw]]
+* [[people/dsilvers]]
+* Ivan
+
+Agenda
+=============================================================================
+
+* Discuss and decide goals for this iteration.
+
+Notes
+=============================================================================
+
+* This iteration is about moving ick towards being hostable. The
+  current roadmap for that is reproduced below, and is on the
+  [[roadmap]] page as well.
+
+* There are currently to major aspects that need work: isolating users
+  from each other, and having a friendly web user interface.
+
+* For isolation, we will make each "resource" in the ick API be owned
+  by a user, and for that we will need to change API use to rely on
+  access tokens that identify the user. This means moving form the
+  OAuth2 client credential authentication to OpenID Connect, extended
+  with "API tokens".
+
+* For the web user interface, Ivan and Daniel have agreed to
+  collaborate. Lars will stay out of it, since he's not a front-end
+  developer. The current plan is to use React, and to build the static
+  JS files in a container, using npm, and deploying the generated
+  files to a server.
+
+Roadmap for hostable ick
+=============================================================================
+
+    @startroadmap
+    hosted_demo:
+      label: |
+        Lars run a hosted
+        demo service for
+        himself and users
+      depends:
+        - user_friendly
+        - secure_from_users
+        - secure_for_users
+        - on_demand_workers
+        - trigger_service
+        - multiarch
+
+    user_friendly:
+      label: |
+        Ick is reasonably
+        user friendly to
+        techies.
+      depends:
+        - webui
+        - self_registration
+
+    multiarch:
+      label: |
+        Ick supports building
+        for multiple
+        architecturs.
+      depends:
+        - worker_tags
+        - concurrency
+
+    secure_from_users:
+      label: |
+        Ick is safe and
+        secure from users
+        doing silly things.
+      depends:
+        - networkless_containers
+
+    secure_for_users:
+      label: |
+        Ick is secure for
+        users to use.
+      depends:
+        - isolation
+        - secrets
+
+    secrets:
+      label: |
+        Ick provides a way to
+        securely use secrets:
+        ssh keys, pgp keys,
+        Qvisqve access
+        tokens.
+      depends:
+        - owned_resources
+
+    networkless_containers:
+      label: |
+        Containers have, by
+        default, no network
+        access. Trusted users
+        can allow specific
+        builds to have
+        network access in
+        containers.
+      depends:
+        - owned_resources
+
+    concurrency:
+      label: |
+        Ick can execute
+        several actions in
+        the same build
+        concurrently.
+      depends:
+        - worker_tags
+
+    worker_tags:
+      label: |
+        Ick allows projects
+        and workers to have
+        tags, and can choose
+        which worker to give
+        an action to, based
+        on tags
+
+    on_demand_workers:
+      label: |
+        Ick can create
+        and destroy
+        workers on demand
+      depends:
+        - worker_tags
+
+    trigger_service:
+      label: |
+        Ick can trigger
+        multiple builds when
+        a git repo changes,
+        or when an ick build
+        finishes, or after
+        some time has psssed
+
+    isolation:
+      label: |
+        Users can only see,
+        manipulate their own
+        data
+      depends:
+        - owned_resources
+
+    owned_resources:
+      label: |
+        Each resource is
+        owned by its creator
+
+    self_registration:
+      label: |
+        Users can create
+        an account by themselves
+        via a web browser
+      depends:
+        - webui
+
+    webui:
+      label: |
+        Ick has a web UI
+        that allows creation,
+        updating, triggering
+        of projects, builds,
+        viewing status, logs
+    @endroadmap
+
+Roadmap for this iteration
+=============================================================================
+
+    @startroadmap
+    owned_resources:
+      label: |
+        Each resource is
+        owned by its creator
+      depends:
+      - API_token_spec
+
+    API_token_spec:
+      label: |
+        Have a spec for how
+        API tokens work.
+
+    webui:
+      label: |
+        Ick has a web UI
+        that allows creation,
+        updating, triggering
+        of projects, builds,
+        viewing status, logs
+      depends:
+        - ui_hello
+        - ui_cd
+
+    ui_hello:
+      label: |
+        Write a React "hello, world"
+        application.
+
+    ui_server:
+      label: |
+        Set up server where
+        the web UI is hosted.
+
+    ui_cd:
+      label: |
+        Set up ick job to build
+        web UI and deploy it to
+        a server.
+      depends:
+        - ui_server
+    @endroadmap
+
+Current projects
+=============================================================================
+
+* [[projects/2017/foo]]
+
+
+Tasks for this week
+=============================================================================
+
+Tasks may be part of a project or be random small ones (max an hour)
+that just need doing.
+
+[[!table data="""
+what                                        | Who   | estimate(h)
+
+Draft spec for API tokens in Qvisqve            | Lars          | 1
+Draft spec for variable expansion in .ick files | Lars          | 1
+Hack up a "hello, world" React application      | Ivan, Daniel  | 4
+
+Total                                       |                | [[people/liw]]   | 
+"""]]
+
+Task descriptions
+------------------------------------------------------------------------------
+
+* **Draft spec for API tokens in Qvisqve:** Draft a specification for
+  how API tokens would work in Qvisqve, and how they would be used by
+  icktool. Offer draft for review.
+
+  _Acceptance criteria:_ At least one person says +1 and nobody has
+  serious objections.
+
+* **Draft spec for variable expansion in .ick files:** To let users
+  reduce repetition in .ick files, and to shorten them, it would be
+  nice to be able to use variables. Draft a specification for how that
+  would work, with examples. Probably based on the [Mustache][]
+  specification.
+
+[Mustache]: https://mustache.github.io/mustache.5.html
+
+  _Acceptance criteria:_ At least one person says +1 and nobody has
+  serious objections.
+
+* **Hack up a "hello, world" React application:** The application
+  should say "hello, world", and use the React machinery to do so: npm
+  to install dependencies, whatever the React build command is chosen
+  to do the build. The application should be built by the demo ick
+  service, and deployed to a server.
+
+  _Acceptance criteria:_ When a change is pushed to the ickui.git
+  repository, it gets automatically built and deployed to a demo
+  server.