[GHC DevOps Group] A solution for storing build artifacts
Jonas Chevalier
jonas.chevalier at tweag.io
Thu Mar 22 12:20:29 UTC 2018
What we could do is have different lifecycles per folder.
The /dev folder would keep artifacts for a few months (S3 is quite cheap).
The /release folder which contains tagged releases would not be
garbage-collected at all.
On Thu, Mar 22, 2018 at 2:02 AM Manuel M T Chakravarty <
manuel.chakravarty at tweag.io> wrote:
> Jonas, our resident DevOps guru is happy with this approach, so I am, too
> ;)
>
> Jonas notes that ”If the garbage collection can be time based, S3 can
> handle it itself:
> https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
> ”
>
> Cheers,
> Manuel
>
> 21.03.2018 02:14 Karpov, Mark <mark.karpov at tweag.io>:
>
> Hello,
>
> I'd like to share a solution for storing build artifacts we've come up
> with. The solution is to use S3 to store N last artifacts per job on Circle
> CI and also on AppVeyor. Auth info can be stored in environment variables
> if we're careful to use the following settings:
>
> * For Circle CI, there is "Pass secrets to builds from forked pull
> requests", which should be set to "off". This way only pull requests from
> the same repo will have access to sensitive environment variables.
> * For AppVeyor, similarly, there is "Enable secure variables in pull
> requests from the same repository only" (should be enabled).
>
> Then we can put the key that AWS uses for authentication in an environment
> variable and either
>
> * Use AWS CLI utility and do some bash coding around it.
> * Create a little application that will handle uploading to S3 with all
> the necessary logic.
>
> By the logic I mean that we perhaps should do some clean-up, such as
> deletion of old files.
>
> Let me know if this sounds good to you, and if so, I could start on this.
>
> Cheers,
>
> Mark
> _______________________________________________
> Ghc-devops-group mailing list
> Ghc-devops-group at haskell.org
> https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devops-group
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devops-group/attachments/20180322/75b546b0/attachment.html>
More information about the Ghc-devops-group
mailing list