GSoC 2019 [Buildbot ideas]
Rajdeep Bharati
rajdeepbharati13 at gmail.com
Fri Mar 29 09:31:43 UTC 2019
Yes, I agree.
On Fri, Mar 29, 2019 at 1:48 PM Pierre Tardy <tardyp at gmail.com> wrote:
> My fear is that this is part of the many stretch goals, and this is
> beginning to be very optimistic schedule.
> I think it is best to make a great finished GSoC rather than lots of very
> cool but unfinished mini projects.
>
> From my experience, I'd say settuping securing and optimising macos
> precommit CI is a full 3 month work.
>
> The number one mistake for young talented people is to underestimate
> things.
>
> https://en.wikipedia.org/wiki/Pareto_principle
>
> Regards,
> Pierre
>
>
> Le jeu. 28 mars 2019 à 18:50, Rajdeep Bharati <rajdeepbharati13 at gmail.com>
> a écrit :
>
>> I will try to set up libvirt. I can keep the PR comment from admin as a
>> backup option.
>>
>> Rajdeep
>>
>> On Thu, Mar 28, 2019 at 5:37 PM Pierre Tardy <tardyp at gmail.com> wrote:
>>
>>> You can take control of the VM by downloading a ransomware or botnet or
>>> whatever.
>>>
>>> You usually counter that by making sure the PR VMs are restricted in
>>> term of network access they can do, and also restricted in the number of
>>> time it is alive (basically just the time of the build)
>>>
>>> Another much more simple option is to trigger the PR testing via a PR
>>> comment from an admin.
>>>
>>> If a macPort maintainer sends a message like "Go Buildbot", then
>>> buildbot would catche that a start a build, provided that the PR got basic
>>> review, and is not suspicious.
>>>
>>>
>>> Pierre
>>>
>>>
>>> Le jeu. 28 mars 2019 à 13:03, Rajdeep Bharati <
>>> rajdeepbharati13 at gmail.com> a écrit :
>>>
>>>> All right. Could you please give an example of a malicious PR? Would it
>>>> be one which is done (locally tested) from an old version of macOS?
>>>>
>>>> On Wed, Mar 27, 2019 at 9:55 PM Mojca Miklavec <mojca at macports.org>
>>>> wrote:
>>>>
>>>>> Dear Rajdeep,
>>>>>
>>>>> It's not just a question of how to fetch a PR. That shouldn't be too
>>>>> difficult, I hope (and probably the link you provided works as intended).
>>>>>
>>>>> The tricky question is how to prevent malicious PRs from doing damage
>>>>> on the builders. I assume that a proper solution would require starting a
>>>>> fresh VM for each build. There is some support in the buildbot already:
>>>>>
>>>>> http://docs.buildbot.net/2.1.0/manual/configuration/workers-libvirt.html
>>>>> https://github.com/kholia/OSX-KVM
>>>>> but we would need to find a way to create VMs with macOS, so it might
>>>>> not be trivial to do it. On top of that what we would really need the PRs
>>>>> for are the old machines (say, 10.6, or even 10.4 if we would want to go to
>>>>> extremes) where it might be even less trivial to automate this in a nice
>>>>> way.
>>>>>
>>>>> (A compromise solution would be to only allow trusted developers to
>>>>> test pull requests on devoted builders, where we would also need to make
>>>>> sure to uninstall the software after the PR is done building.)
>>>>>
>>>>> While implementing this remains almost the number one requested thing
>>>>> when people contribute to packages, I'm not sure how much time doing this
>>>>> would take. It could be that this could be done in a day or a few days, but
>>>>> it's also possible that there would be some stumbling block that would
>>>>> require more hacking skills and would prevent us from proceeding, and not
>>>>> even two months would suffice. In one way, I wouldn't mind if a student
>>>>> would work on this for the full summer to get this working; on the other
>>>>> hand, if there's a block and none of us is skilled enough to overcome it,
>>>>> it makes more sense to proceed with other stuff that can certainly be done.
>>>>>
>>>>> Mojca
>>>>>
>>>>>
>>>>> On Wed, 27 Mar 2019 at 16:05, Rajdeep Bharati <
>>>>> rajdeepbharati13 at gmail.com> wrote:
>>>>>
>>>>>> I could use the GitHubPullrequestPoller
>>>>>> <http://docs.buildbot.net/current/manual/configuration/changesources.html#chsrc-GitHubPullrequestPoller> which
>>>>>> periodically polls the Github API for new/updated PRs.
>>>>>>
>>>>>> Here is an example:
>>>>>> https://github.com/halide/build_bot/blob/master/master/master.cfg
>>>>>>
>>>>>> c['change_source'].append(GitHubPullrequestPoller(
>>>>>> owner = 'halide',
>>>>>> repo = 'Halide',
>>>>>> token = token,
>>>>>> pullrequest_filter = pr_filter,
>>>>>> pollInterval = 60*5, # Check Halide PRs every five minutes
>>>>>> pollAtLaunch = True))
>>>>>> Rajdeep
>>>>>>
>>>>>> On Wed, Mar 27, 2019 at 3:59 AM Mojca Miklavec <mojca at macports.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Dear Rajdeep,
>>>>>>>
>>>>>>> On Tue, 26 Mar 2019 at 19:51, Rajdeep Bharati wrote:
>>>>>>> >
>>>>>>> > I have submitted a draft proposal:
>>>>>>> https://docs.google.com/document/d/12wRjA8sOWNOuApHZ_fm0n1aIPLVPt9Xm2yGiMwiK3AI/edit.
>>>>>>> Could you please provide some feedback?
>>>>>>>
>>>>>>> Cool, thank you very much, it looks nice, please give us a bit of
>>>>>>> time.
>>>>>>>
>>>>>>> One question: what precisely is your plan for setting up disposable
>>>>>>> builds for PRs?
>>>>>>>
>>>>>>> Mojca
>>>>>>>
>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20190329/e954eef3/attachment-0001.html>
More information about the macports-dev
mailing list