Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI (Buildkite): upload musl64 nightly binaries to S3 #42495

Closed
wants to merge 1 commit into from
Closed

CI (Buildkite): upload musl64 nightly binaries to S3 #42495

wants to merge 1 commit into from

Conversation

DilumAluthge
Copy link
Member

No description provided.

@DilumAluthge DilumAluthge added domain:ci Continuous integration backport 1.6 Change should be backported to release-1.6 backport 1.7 labels Oct 4, 2021
@DilumAluthge DilumAluthge force-pushed the dpa/upload-musl-nightlies-s3-buildkite branch from e281fd0 to b36a125 Compare October 4, 2021 20:39
@DilumAluthge DilumAluthge force-pushed the dpa/upload-musl-nightlies-s3-buildkite branch from b36a125 to f4cf448 Compare October 4, 2021 22:32
staticfloat
staticfloat reviewed Oct 4, 2021
View reviewed changes
.buildkite/pipelines/main/0_webui.yml
Comment on lines +24 to +25
- pipeline: .buildkite/pipelines/main/upload_s3/musl.yml
signature_file: .buildkite/pipelines/main/upload_s3/musl.yml.signature
Copy link
Sponsor Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of adding this to 0_webui.yml, which is somewhat disruptive, as you have seen, we should instead launch a signed_pipelines.yml which serves as a launchpad for our signed pipelines, just like how we have a launch_unsigned_builders.yml. This minimizes the amount of changes to 0_webui.yml that we have to perform.

When we do need to change 0_webui.yml, what we should do is test it out with the experimental pipeline, then add all the files we need, let it sit on master for a week, then add it to the 0_webui.yml file. This will give our changes a chance to propagate to most of the PRs that are being opened at the time.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So is the idea that 0_webui.yml (and the contents of the web UI) will look like this:

# This file represents what is put into the webUI.
# It is purely for keeping track of the changes we make to the webUI configuration; modifying this file has no effect.
# We use the `cryptic` buildkite plugin to provide secrets management, which requires some integration into the WebUI's steps.
agents:
  queue: "julia"
  sandbox.jl: "true"
steps:
  - label: ":unlock: Unlock secrets, launch pipelines"
    plugins:
      - staticfloat/cryptic:
          # Our list of pipelines that should be launched (but don't require a signature)
          # These pipelines can be modified by any contributor and CI will still run.
          # Build secrets will not be available in these pipelines (or their children)
          # but some of our signed pipelines can wait upon the completion of these unsigned
          # pipelines.
          unsigned_pipelines:
            - .buildkite/pipelines/main/launch_unsigned_builders.yml

          # Our signed pipelines must have a `signature` or `signature_file` parameter that
          # verifies the treehash of the pipeline itself and the inputs listed in `inputs`
          signed_pipelines:
            - pipeline:       .buildkite/pipelines/main/signed_builders.yml
              signature_file: .buildkite/pipelines/main/signed_builders.yml.signature

And then the .buildkite/pipelines/main/signed_pipelines.yml file looks like this:

agents:
  queue: "julia"
  sandbox.jl: "true"
steps:
  - label: "Signed pipelines"
    plugins:
      - staticfloat/cryptic:
          # Our signed pipelines must have a `signature` or `signature_file` parameter that
          # verifies the treehash of the pipeline itself and the inputs listed in `inputs`
          signed_pipelines:
            - pipeline:       .buildkite/pipelines/main/misc/signed_pipeline_test.yml
              signature_file: .buildkite/pipelines/main/misc/signed_pipeline_test.yml.signature
            - pipeline:       .buildkite/pipelines/main/upload_s3/musl.yml
              signature_file: .buildkite/pipelines/main/upload_s3/musl.yml.signature

Is this correct?

@KristofferC KristofferC mentioned this pull request Oct 5, 2021
Merged
84 tasks
This was referenced Oct 19, 2021
Merged
Merged
@KristofferC KristofferC mentioned this pull request Nov 15, 2021
Merged
29 tasks
@DilumAluthge
Copy link
Member Author

We will continue working on this in the https://github.com/JuliaCI/julia-buildkite repository.

@DilumAluthge DilumAluthge deleted the dpa/upload-musl-nightlies-s3-buildkite branch November 17, 2021 01:06
@KristofferC KristofferC removed backport 1.6 Change should be backported to release-1.6 backport 1.7 labels Nov 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@staticfloat staticfloat staticfloat left review comments

Assignees
No one assigned
Labels
domain:ci Continuous integration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DilumAluthge @staticfloat @KristofferC