apt/yum repositories implementation design wanted
This is probably 100% valid for cinc-auditor and/or other parts too, but let's start here. We can adopt it for other parts when needed.
I would like to work on the yum/dnf/apt repository support in the next days (this year :)), and would like to align on the implementation design. Most likely @ramereth is the main peer for my questions here (but anybody else is welcome to contribute too!)
I would like to build an understanding of our current build process and infrastructure first and continue with feature design after that.
as far I understand the current setup and build process:
- the http://downloads.cinc.sh has currently the structure needed by omnitruck
- we have two jobs related to publishing:
- deployment job uploads the built artifacts to some download host
publishing job uses a special runner (tagged with
downloads) and invokes
sync-from-masteron another mirror host (in order to pickup content from download host and publish it via mirror infrastructure?)
- is the http://downloads.cinc.sh this mirror infrastructure?
- Can I access somehow the download/mirror hosts? If yes, how?
- Does it make sense to place access credentials to our 1Password vault?
- What about the setup of
downloadsrunner, it's probably configured as a shell runner?
- What about this
sync-from-masterscript, is it somewhere in our CINC repositories or is it something from OSL mirror infrastructure?
- What about the sudo rules on the
downloadsrunner, that is the purpose of them?
I would also like to create a documentation about this process, mostly for CINC maintainers. Does it make sense to use our website for that? Or just a new repository
docs and simple markdown?