Python Cryptographic Authority Infrastructure

The PyCA operates a significant amount of infrastructure in the form of continuous integration. This repository holds the configuration for setting up our Jenkins server, as well as the various Docker containers we use in testing.

Ansible

To run the Ansible playbook, your SSH public key must be in the server's authorized_keys; you can then run ./deploy.

Ansible is responsible for making sure Docker is running on the host, installing systemd service files for Caddy and Jenkins, pulling the Caddy and Jenkins Docker images, and making sure they're running.

Docker Containers

Docker containers are built on merge by Jenkins and then uploaded to Docker Hub. Each repository on Docker Hub corresponds to a directory in runners.

Jenkins

An outline of how to set up our Jenkins:

  • Provision a new server
  • Repoint the DNS so that when Caddy comes up it can obtain a certificate
  • Run the Ansible deployment script
  • Follow the instructions for adding credentials in CREDENTIALS.md
  • Set up the plugins (TODO: provision these automatically). A non-exhaustive list:
    • AnsiColor
    • Blue Ocean
    • GitHub Authentication Plugin
    • Pipeline
    • Pipeline Utility Steps
    • Simple Theme Plugin
    • SSH Slaves Plugin
    • Timestamper
  • Set up the GitHub Authentication Plugin
    • Under Configure Global Security, set the client ID and client secret.
    • Set the admin usernames (these are GitHub user names)
  • Set up the Simple Theme Plugin
  • Add non-docker-based nodes (e.g. macOS, FreeBSD, Windows)
    • TODO: more extensive documentation if it's not possible to automate this
  • Add Docker Hub credentials
    • Go to Jenkins global credentials and click Add Credentials
      • Choose Username with password
      • Set the scope to Global
      • The ID should be dockerhub-credentials
      • The username and password should be those of the cryptohubbot user
  • Create the primary organization job (New Item -> GitHub Organization)
    • In configuration, under Projects -> GitHub Organization click Advanced.
      • Change include branches from * to master
      • Check build origin branches
      • Uncheck build origin branches also filed as PRs.
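
How a pipeline can consume the dockerhub-credentials entry configured above when building a runner image and pushing it to Docker Hub, as an added example that is not the PyCA Jenkinsfile. The Docker Hub namespace, the runner directory name and the 'docker' node label are hypothetical placeholders.

```groovy
// Added example, not code from the PyCA repository.
// Assumed placeholders: namespace, runner, and the 'docker' node label.
def namespace = 'example-org'      // hypothetical Docker Hub namespace
def runner = 'example-runner'      // hypothetical directory under runners/

node('docker') {
    stage('Checkout') {
        checkout scm
    }

    def image = "${namespace}/${runner}"

    stage('Build') {
        // The build context is the runner's own directory, so each
        // directory in runners maps to one Docker Hub repository.
        sh "docker build --pull -t ${image} runners/${runner}"
    }

    // Only builds of master may touch the registry credential, matching
    // the branch filter set on the organization job.
    if (env.BRANCH_NAME == 'master') {
        stage('Push') {
            withCredentials([usernamePassword(
                    credentialsId: 'dockerhub-credentials',
                    usernameVariable: 'DOCKER_USER',
                    passwordVariable: 'DOCKER_PASS')]) {
                withEnv(["IMAGE=${image}"]) {
                    // Single-quoted Groovy string: the shell expands the
                    // secret, so it is never interpolated into the script
                    // text that Jenkins stores and logs.
                    sh '''
                        set +x   # no command tracing while the secret is in use
                        set -eu
                        trap 'docker logout' EXIT   # drop the stored login afterwards
                        printf '%s' "$DOCKER_PASS" |
                            docker login -u "$DOCKER_USER" --password-stdin
                        docker push "$IMAGE"
                    '''
                }
            }
        }
    }
}
```

Passing the password on stdin keeps it out of the process argument list, and the logout trap removes the login from the agent's Docker configuration even when the push fails.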

Contributors: alex, reaperhulk
