author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-04-17 13:23:29 +0300 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-04-17 13:23:29 +0300 |
commit | dd6d499e680267194b77630dfe5b790d39e2ed26 (patch) | |
tree | cfec6816dd3cab02ee00763acd64f1f9c864e2e7 /utils | |
parent | 93cf781cffe357cb4dd207fcc3773b8eac3b141e (diff) |
Add README.
Diffstat (limited to 'utils')
-rw-r--r-- | utils/new-publish/README | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/utils/new-publish/README b/utils/new-publish/README new file mode 100644 index 0000000..b5940f5 --- /dev/null +++ b/utils/new-publish/README @@ -0,0 +1,49 @@ +Prototype of new Publishing API for Linaro CI +============================================= + +Background +--------------------- +Builds of various products and components must finish with publishing +their artifacts to a central server, hereafter called "snapshots". +Builds also must be queued for testing in LAVA. All publishing +should happen in secure manner, prohibiting direct system break-ins +and minimizing types of other attacks, like denial of service. + +This prototype tries to establish consistent external interface reusable +for wild variety of Linaro builds, and initial implementation which +works with existing infrastructure and setup in place. + +Generalize publishing process: + +Builder -> Snapshots + + +External Interface +------------------ +Build jobs use publishing API using the shell command calls. There're +2 scripts to perform publishing action: + +* publish-start +* publish-finish + +They compliment each other and should be used in pair. + +Script parameters: + +publish-start --token <token> <build_id> <glob_pattern>... + +publish-finish --token <token> <build_id> + + +Internal Implementation +----------------------- +There's currently no token-based authentication for publishing services, +and instead SSH auth used. Consequenetly, for security reasons, the accounts +used for publishing should be as restricted as possible, in practice we +use few accounts for each step of the process, each fortified to disallow +opportunity of direct shell access. SFTP is used as a transport (due to +historical reasons). + +Current publisher process goes as: + +Builder -> Master -> Snapshots |
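Review bot: The "External Interface" section gives both publish-start and publish-finish a `--token <token>` parameter, but "Internal Implementation" states that there is currently no token-based authentication and that SSH auth is used instead, so the README never says what the token is, who issues it, or whether the prototype checks it at all. Please add a sentence saying whether the value is validated or only reserved for a later version, so that callers do not assume it protects anything today. Since the token is passed as a command-line argument, it will also be visible in the builder's process list and in any job log that echoes commands; consider documenting an alternative such as reading it from an environment variable or a file. The security paragraph says the accounts are "fortified to disallow opportunity of direct shell access" without saying how; naming the mechanism used on the Master and Snapshots hosts would let a reader verify the restriction. Minor: "compliment each other" should be "complement each other", "Consequenetly" should be "Consequently", "SSH auth used" is missing "is", and the underline under "Background" is longer than the heading.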