[GHC DevOps Group] A solution for storing build artifacts

Ben Gamari ben at well-typed.com
Mon Mar 26 06:34:13 UTC 2018


"Karpov, Mark" <mark.karpov at tweag.io> writes:

> Hello,
>
> I'd like to share a solution for storing build artifacts we've come up
> with. The solution is to use S3 to store N last artifacts per job on Circle
> CI and also on AppVeyor. Auth info can be stored in environment variables
> if we're careful to use the following settings:
>
> * For Circle CI, there is "Pass secrets to builds from forked pull
> requests", which should be set to "off". This way only pull requests from
> the same repo will have access to sensitive environment variables.
> * For AppVeyor, similarly, there is "Enable secure variables in pull
> requests from the same repository only" (should be enabled).
>
> Then we can put the key that AWS uses for authentication in an environment
> variable and either
>
> * Use AWS CLI utility and do some bash coding around it.
> * Create a little application that will handle uploading to S3 with all the
> necessary logic.
>
> By the logic I mean that we perhaps should do some clean-up, such as
> deletion of old files.
>
> Let me know if this sounds good to you, and if so, I could start on this.
>
I think this sounds like a good start. It would be nice to have the
ability to keep more sparse samples of older artifacts, but this is
something we can address later (and perhaps via other means).

Cheers,

- Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mail.haskell.org/pipermail/ghc-devops-group/attachments/20180326/9d4aff37/attachment.sig>


More information about the Ghc-devops-group mailing list