[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building cloud images using Debian infrastructure

On Thu, Aug 09, 2018 at 04:11:19PM +0200, Bastian Blank wrote:
> On casulana it only can run qemu directly.  On GCE it would just start a
> VM on the platform.

Ideally the workflow would work in any VM host, whether that's qemu,
GCE, GitLab CI, or AWS. Maybe with some platform-specific details in the
build harness, such as to provide relevant bits of configuration, but
that should just set up and invoke the same build flow regardless of
platform.

I notice that a lot of your instructions refer to Docker, though. Are
you talking about running Docker inside transient VMs or using it
instead of transient VMs?

> A user will have the following ways to build it:
> - Push into the cloud-team repo and the builder on casulana will pick it
>   up.
> - Push into a private repo and the shared builder will pick it up.  This
>   does not yet work due to a missing config option and tags on the
>   builders.
> - Use "gitlab-runner exec docker --docker-privileged $job" to run it
>   from the checkout on her own Docker instance.
> - Use "gitlab-runner exec shell $job" or "gitlab-runner exec ssh $job"
>   to do the same either on the local machine or another one.
> - Use "make $job" to run it by hand from the working copy.  We need to
>   rename stuff a bit for that.
> 
> All of that need documentation, including information how to setup a
> capable runner.  I'm currently trying to convince gitlab.com to change
> their config a bit to make the build working without changes.

My hope is that nobody would need to know or use GitLab (except that
they would git clone our code from Salsa), nor have any write access to
Debian infrastructure whatsoever, in order to reproduce our builds.
Independent verifiability is good, and requiring installation of gitlab
or knowledge of gitlab-runner seems like unnecessary complexity.

I have no problem if we choose to use Salsa and/or casulana for our
builds. For builds which are run via Salsa, I imagine gitlab-runner
would be in the mix as a way to launch the build process. That's fine.

But any Debian user with a laptop and a way to run VMs should be able to
reproduce our builds without installing GitLab or seeking an account
from anyone. (The only exception would be if a provider-specific image
has a reason to require building on their platform, but then that would
still not require a Debian-controlled account.)

- Jimmy Kaplowitz
jimmy@debian.org
Reply to: