Wikimedia Release Engineering Team/Deployment pipeline/2017-02-14

< Wikimedia Release Engineering Team | Deployment pipeline

2017-02-14

Updates

Moving to etherpad because I'm slow to GDoc — https://etherpad.wikimedia.org/p/container-cabal
Should store these notes some place public — mw.org? Wikimedia_Release_Engineering_Team/Deployment_pipeline
Services requirements - https://phabricator.wikimedia.org/T158015
RelEng requirements - https://docs.google.com/document/d/1_6uJCQ9UttAb0hQ3upwOE8wrCiADs-x-VuyHMbjZYo0/edit#heading=h.a3hyhu5bz40v

Last Time

./service-runner.js generate -t
- Dumps a dockerfile that's entrypoint is npm test
- Dockerfile + node version manager
Mathoid POC task
- Needs to be broken down further, I think

Next

Mathoid
- Testing dockerfile

Dockerfile

Currently installs from nvm
could be installed from a base image
- i.e. specific images for the node version
Could use package.json spec for php
- hhvm vs php5 vs php7

Images in testing vs images in production pipeline
Differences of note:
- hipdump installed for all services (with chrome) -- not in testing
- npm deduplication (see also npm shrinkwrap)

Dockerfiles are not the abstraction for repo maintainers

Images

Need a registry and some base image.

Questions for operations
- What do the base images look like? How are they created? Are they signed?
- Re: Some Build Manifest Abstraction, do we limit package installation from certain apt sources?
- What do they need from this pipeline
- Base image updates trigger new builds/tests/everything
  - Example: firejail updates
  - Currently manual testing in beta and rollout

As Always

Release Pipeline Workboard

Retrieved from "https://www.mediawiki.org/w/index.php?title=Wikimedia_Release_Engineering_Team/Deployment_pipeline/2017-02-14&oldid=3615663"