summaryrefslogtreecommitdiffstats
path: root/wiki
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-11-20 11:07:43 +0000
committerintrigeri <intrigeri@boum.org>2019-11-20 11:07:43 +0000
commit0dfb689d6e6f68a3f0187ffeeba209634674d67a (patch)
tree47f19278cf0dd3d7b71fe8c4d694f07af41f08ba /wiki
parentf6712dfc7e070703f3ff5b8e5b1fe6ee20063e62 (diff)
GitLab: lay down the basics Jenkins → Git interface
The goal here is to make it easier for our sysadmins to: 1. assess the impact of the migration to GitLab, and which GitLab we use, on the security of our CI infrastructure; 2. decide if mitigations are needed, and if so, which ones.
Diffstat (limited to 'wiki')
-rw-r--r--wiki/src/blueprint/GitLab.mdwn37
1 files changed, 37 insertions, 0 deletions
diff --git a/wiki/src/blueprint/GitLab.mdwn b/wiki/src/blueprint/GitLab.mdwn
index 5faaa9a..f1094a6 100644
--- a/wiki/src/blueprint/GitLab.mdwn
+++ b/wiki/src/blueprint/GitLab.mdwn
@@ -585,6 +585,43 @@ Current implementation:
Pushing to our Git repository pings Jenkins so it can run jobs as needed:
<https://git.tails.boum.org/puppet-tails/tree/templates/gitolite/hooks/tails-post-receive.erb>
+<a id="interfaces-jenkins-git"></a>
+
+## Jenkins → Git
+
+Jenkins jobs are generated on `jenkins.lizard`, from the list of
+branches in our main Git repository. For details and pointers to the
+corresponding code, see the corresponding
+[[blueprint|blueprint/automated_builds_and_tests/jenkins]].
+
+Here are the kinds of jobs relevant in this discussion:
+
+ - `check_PO_master` runs the `check_po` script on all PO files
+
+ - this script comes from a Git submodule referenced by
+ `tails.git`'s master branch (`tails::tester::check_po`)
+ - in a Jenkins isobuilder
+ - as a sudoer user
+
+ - `build_website_master` runs `./build-website`
+
+ - from `tails.git`'s master branch
+ - in a Jenkins isobuilder
+ - as a sudoer user
+
+ - `build_Tails_ISO_*` and `reproducibly_build_Tails_ISO_*` run
+ `rake build`
+
+ - from the corresponding `tails.git` branch
+ - in a Jenkins isobuilder
+ - as a sudoer user
+
+ - `test_Tails_ISO_*` run `./run_test_suite`
+
+ - from the corresponding `tails.git` branch
+ - in a Jenkins isotester
+ - as root via sudo
+
## Jenkins → Redmine
Tails images build reproducibility is tested if the corresponding