apt/yum repositories implementation design wanted
This is probably 100% valid for cinc-auditor and/or other parts too, but let's start here. We can adopt it for other parts when needed.
I would like to work on the yum/dnf/apt repository support in the next days (this year :)), and would like to align on the implementation design. Most likely @ramereth is the main peer for my questions here (but anybody else is welcome to contribute too!)
I would like to build an understanding of our current build process and infrastructure first and continue with feature design after that.
as far I understand the current setup and build process:
- the http://downloads.cinc.sh has currently the structure needed by omnitruck
- we have two jobs related to publishing:
- deployment job uploads the built artifacts to some download host
-
publishing job uses a special runner (tagged with
downloads
) and invokessync-from-master
on another mirror host (in order to pickup content from download host and publish it via mirror infrastructure?)
- is the http://downloads.cinc.sh this mirror infrastructure?
Questions:
- Can I access somehow the download/mirror hosts? If yes, how?
- Does it make sense to place access credentials to our 1Password vault?
- What about the setup of
downloads
runner, it's probably configured as a shell runner? - What about this
sync-from-master
script, is it somewhere in our CINC repositories or is it something from OSL mirror infrastructure? - What about the sudo rules on the
downloads
runner, that is the purpose of them?
I would also like to create a documentation about this process, mostly for CINC maintainers. Does it make sense to use our website for that? Or just a new repository docs
and simple markdown?