The Totally Unified Build Environment (The T.U.B.E.)
## Context
As GitLab grew, multiple build environments proliferated across projects. Some GitLab components build with a shared environment while others use a completely unique container image. None of these build with the same environment that builds packages and container images for SaaS and self-managed customers.
The build team owns dependency update certification. One update may require changes in a dozen or more repositories. Each of these projects may or may not have a directly responsible individual to handle build failures. Some projects lack ownership by any one team and are effectively abandoned until surfaced by a catastrophic build failure. The build team co-ordinates effort across multiple teams and, in cases where there is no ownership, takes ownership to ensure the upgrade succeeds.
## Problem
GitLab manages and maintains more than 200 separate build environments across [pipeline images](https://gitlab.com/gitlab-org/gitlab-build-images), custom images across various projects, and [the production environments we use to build and release to customers](https://gitlab.com/gitlab-org/gitlab-omnibus-builder).
This convoluted system adds significant friction to GitLab's capacity to validate updates for broadly shared requirements such as language runtimes and core system libraries.
GitLab should have one unified build environment tightly controlled and shared across all teams. This reduces friction, shifts build failures left from release day, improves overall security, and eliminates vast amounts of wasted resources in both labor and operating expenditures.
## DRI
@rmarshall
## Exit criteria
### Quarterly Goals
#### FY26 Q4 Goal
- [ ] Finalize the complete TUBE architectural blueprint, scope, and timelines.
- [ ] Transfer architectural blueprint from private Build Architecture Repo into public blueprints.
- [ ] Identify additional resources required beyond Build, Security, and Delivery teams.
- [ ] Define Universal Build Toolchain automation within the T.U.B.E. process flow.
#### FY27 Q1 Goal
The two primary goals for this quarter are independent and can progress in parallel.
- [ ] Implement upstream source sidecache strategy with Security to insulate GitLab from upstream supply chain attacks, lost or removed sources, and other external threats to the business.
- [ ] Expand previous proof-of-concept work into a functional, automated collaborative process for Build and Security teams to validate and provide a Software Bill of Materials (SBOM) for first- and third-party build dependencies.
- [ ] Populate sidecache with build dependencies generated by the Universal Build Toolchain.
- [ ] Automate Universal Build Toolchain with T.U.B.E. process flow.
- [ ] Automate sidecache of artifacts built by Universal Build Toolchain.
#### FY27 Q2 Goal
- [ ] Implement common build environments (build streams) that consume the validated and SBOM-ready components.
- [ ] Implement build streams. [Build stream workflow documentation](https://gitlab.com/gitlab-org/distribution/build-architecture/documentation/-/blob/7a2ba132ff68300d879882d6cb28c4cc70e897ed/framework/build-streams/build-stream-generation.md)
- [ ] Provide common CI component that allows all teams to move their software builds left and eliminate rebuilds on release day.
- [ ] Onboard select teams to validate CI component operation before broader rollout.
- [ ] Resolve issues discovered in CI component validation.
#### FY27 Q3 Goal
- [ ] Continue to onboard teams to common build environments based on their capacity.
### Archived Quarterly Goals
<details>
<summary>
#### FY25 Q4 Goal
</summary>
Each goal builds one component of the larger Totally Unified Build Environment, with a focus on support for Golang.
- [x] [E.U.R.E.K.A. - Extensible Upstream Retrieval, Examination, Keycheck, Archival](https://gitlab.com/groups/gitlab-org/distribution/-/epics/88)
```
Component that detects new artifact availability.
- verifies upstream artifact
- alerts Application Security
- classifies the artifact into a build stream
```
- [x] [E.P.I.C. - Epic Populating Issue Creator](https://gitlab.com/groups/gitlab-org/distribution/-/epics/89)
```
Component that creates the epic and associated issues
when a shared build dependency update occurs. Allows
team members to have greater visibility and provides
clear status updates to product and engineering managers.
```
- [x] [C.O.R.E. - Component Ownership Record Evaluator](https://gitlab.com/groups/gitlab-org/distribution/-/epics/90)
```
Maintains the records of projects that receive updates and
who the Build team should contact in the event of a subcomponent
failure to build from source.
```
- [x] Onboard Golang with the above automated actions that will eventually become part of the fully automated T.U.B.E.
</details>
## How to follow along
For transparency and to keep a better history, the proposals and descriptions of this epic are tracked in a design documents repository.
- [Framework Documentation](https://gitlab.com/gitlab-org/distribution/build-architecture/documentation/-/blob/main/framework/index.md)
For historical context, this epic and its children started from the epics and issues listed below:
- https://gitlab.com/groups/gitlab-org/-/epics/10154+s
- https://gitlab.com/groups/gitlab-org/-/epics/8660+s
- https://gitlab.com/gitlab-org/distribution/team-tasks/-/issues/1109+s
---
<!--STATUS NOTE START-->
## Status 2025-02-12
:issue-blocked: **blockers**:
- We are down to four Go-based projects that require response. See open merge requests attached to https://gitlab.com/gitlab-org/distribution/build-architecture/framework/utilities/core/-/issues/1+s
:tada: **achievements**:
- We have open merge requests to change the name to the "Totally Unified Build Environment" in the existing project design documentation.
- [The migration to the public design documents repository is up for review](https://gitlab.com/gitlab-com/content-sites/handbook/-/merge_requests/11660)
- [There is a handbook page update out for review that adds documentation for how to use the new automation tools for Go updates](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/180482).
:arrow_right: **next steps**:
- Schedule the remaining design tasks as part of FY26Q1 planning.
- Work with @denisra to provide a clearer high level summary of what problems T.U.B.E. addresses and the business value.
:loudspeaker: **announcements**:
- [There is a one page scope and impact document available](https://gitlab.com/gitlab-org/distribution/build-architecture/documentation/-/tree/main/framework/impact).
_Copied from https://gitlab.com/groups/gitlab-org/distribution/-/epics/51#note_2343153552_
<!--STATUS NOTE END-->