[GHC DevOps Group] Continuous integration effort status

[Ben Gamari]

Facundo Domínguez <facundo.dominguez at tweag.io> writes:

> Hello,
>
> Thanks very much for the update.
>
>> c. Artifact preservation. I recommend that we push these to S3 ...
>
> How many artifacts should we keep? I guess all the artifacts produced
> by every build of the master branch since the beginning of time is
> unnecessary, right?
>
Right. There are a few reasons we want to keep artifacts:

 a. To allow contributors to, e.g., build and view their documentation
    changes via CI

 b. To allow us to retrieve build artifacts from CI for releases

 c. As reference builds for bisection

In the case of (a) and (b) I think it would be sufficient to keep a week
or two of builds.

(c) is a bit trickier. Ideally we would have an archive with a sort of
decaying retention policy; e.g., keep all builds from the last month,
every fourth build for the last 3 months, every eighth for the last 6
months, etc.

> If going through S3, how do we protect the S3 credentials from rogue
> pull requests that attempt to expose them?
>
Indeed that is a great question. I'll admit I don't have a great answer
for this at the moment. It's certainly not an easy problem.

Cheers,

- Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mail.haskell.org/pipermail/ghc-devops-group/attachments/20180306/8f39bbc9/attachment.sig>