  1. Infrastructure
  2. INFRA-1363

Split package creation and publishing

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: etc
    • Labels:
      None
      Description

      This week was the first security release for which we staged the core releases in advance in a private Artifactory repository. It was a pretty big improvement for release day.

      The next step would be to change the package creation and distribution script into two:

      • Create Package and possibly upload to the destination host, or make otherwise available
      • Move the prepared packages to the destination directory and poke the mirrors

      Goals:

      Allow the security officer full control over when the packages should be made available (the second step). Make that process from start to general package availability to users as quick as possible.

            Activity

            danielbeck Daniel Beck added a comment -

            Looking into https://github.com/jenkinsci/packaging some, this separation already exists:

            • make package creates the packages
            • make publish publishes them

            The problem is publishing involves native package repo creation, which includes use of GPG.

            Alternative idea:

            Define a 'staging' environment that 'publishes' to a non-public directory on the server, and use that for security updates. (This would necessitate making sure in advance the private staging directory is up to date, so as not to create package repos with only one package).

            On release day, all I'd need to do is to rsync those directories to the live ones, and we're done.

            danielbeck Daniel Beck added a comment -

            KK told me that the packaging publishing scripts are not actually used by him…


              People

              • Assignee:
                olblak Olivier Vernin
                Reporter:
                danielbeck Daniel Beck