Wikimedia Release Engineering Team/Deployment pipeline/2017-02-14
2017-02-14
Updates
- Moving to etherpad because I'm slow to GDoc — https://etherpad.wikimedia.org/p/container-cabal
- Should store these notes some place public — mw.org? Wikimedia_Release_Engineering_Team/Deployment_pipeline
- Services requirements - https://phabricator.wikimedia.org/T158015
- RelEng requirements - https://docs.google.com/document/d/1_6uJCQ9UttAb0hQ3upwOE8wrCiADs-x-VuyHMbjZYo0/edit#heading=h.a3hyhu5bz40v
Last Time
- ./service-runner.js generate -t
- Dumps a Dockerfile whose entrypoint is npm test
- Dockerfile + node version manager
- Mathoid POC task
- Needs to be broken down further, I think
Next
- Mathoid
Dockerfile
- Currently installs from nvm
- could be installed from a base image
- i.e. specific images for the node version
- Could use package.json spec for php
- hhvm vs php5 vs php7
- Images in testing vs images in production pipeline
- Differences of note:
- hipdump installed for all services (with chrome) -- not in testing
- npm deduplication (see also npm shrinkwrap)
- Dockerfiles are not the abstraction for repo maintainers
Images
Need a registry and some base image.
- Questions for operations
- What do the base images look like? How are they created? Are they signed?
- Re: Some Build Manifest Abstraction, do we limit package installation from certain apt sources?
- What do they need from this pipeline
- Base image updates trigger new builds/tests/everything
- Example: firejail updates
- Currently manual testing in beta and rollout