Wikimedia Release Engineering Team/Deployment pipeline/2017-10-03

Last Time

edit

RelEng

edit

question: what happens when someone posts a malicious change?

edit
  • Do we build and push the container?
  • tyler/marko: Only build and push on CI +2
  • marko: Should run a subset of tests based on an upload
  • tyler: current setup has jenkins +1 for unknowns, jenkins +2 for known, and CR +2 tests
  • dan: issue of trust (what's being submitted), issue of atomicity -- shitty concurrency
  • joe: staging cluster is +2 from user and pipeline, possibly also have integration e2e tests before deployment
    • dan +1 -- is there something that's needed for pre-merge?
    • alex: maybe not e2e tests on staging
      • joe: maybe use a namespaces/tags to control push
  • dan: feedback loop is much wider if we're running e2e tests post-merge

Services

edit
  • none (yet)


As Always

edit