[GHC DevOps Group] A solution for storing build artifacts
Manuel M T Chakravarty
manuel.chakravarty at tweag.io
Thu Mar 22 02:02:46 UTC 2018
Jonas, our resident DevOps guru is happy with this approach, so I am, too ;)
Jonas notes that ”If the garbage collection can be time based, S3 can handle it itself: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html <https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html>”
Cheers,
Manuel
> 21.03.2018 02:14 Karpov, Mark <mark.karpov at tweag.io>:
>
> Hello,
>
> I'd like to share a solution for storing build artifacts we've come up with. The solution is to use S3 to store N last artifacts per job on Circle CI and also on AppVeyor. Auth info can be stored in environment variables if we're careful to use the following settings:
>
> * For Circle CI, there is "Pass secrets to builds from forked pull requests", which should be set to "off". This way only pull requests from the same repo will have access to sensitive environment variables.
> * For AppVeyor, similarly, there is "Enable secure variables in pull requests from the same repository only" (should be enabled).
>
> Then we can put the key that AWS uses for authentication in an environment variable and either
>
> * Use AWS CLI utility and do some bash coding around it.
> * Create a little application that will handle uploading to S3 with all the necessary logic.
>
> By the logic I mean that we perhaps should do some clean-up, such as deletion of old files.
>
> Let me know if this sounds good to you, and if so, I could start on this.
>
> Cheers,
>
> Mark
> _______________________________________________
> Ghc-devops-group mailing list
> Ghc-devops-group at haskell.org
> https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devops-group
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devops-group/attachments/20180322/da9bbd56/attachment.html>
More information about the Ghc-devops-group
mailing list