This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

acbuild pod for building #127

Open
philips opened this issue Nov 21, 2015 · 1 comment

Comments

@philips
Contributor

philips commented Nov 21, 2015

It would be great to have some sort of pod that we can run for acbuild. There would be a couple of moving parts:

  1. the file accepter, a server that a developer could upload their source code and an acbuild script to
  2. the image builder, would build whatever ends up in the shared mount from the file accepter
  3. the image server, would serve up the end result images for the user to consume after the build completes

The basic idea would be to do an acbuild against a remote server by sending it the context of a currently checked out project like a Go project, rails app, etc.

@cgonyeo
Member

cgonyeo commented Nov 21, 2015

Related: #86

I'm not sure of the security implications of this, since an acbuild script is normally a shell script that runs as root. If we're running it in a container that gets blown away at the end of the build, is a user uploading a script that can break out of the container a concern? If so, maybe revisiting the subject of an acbuild script mode could help.

Step 1 could be accomplished with some GitHub integration, which would be very convenient for CD reasons.

Ideally at the end of a successful build it would just push a new image to quay or a private acserver or something with acpush, which would remove the need for step 3.

Regardless of if this thing serves the image itself or pushes it somewhere, it'll need to be able to sign it for the user. I don't like the idea of asking users to upload a private key, so maybe just generate a new key on the server for each project and sign it with that? That would complicate pushing the images somewhere else though, since the current push proposal for appc has the public gpg key sent to the server OOB.
