Wikimedia Release Engineering Team/Deployment pipeline/2017-02-14

= 2017-02-14 =

Updates

 * Moving to etherpad because I'm slow to GDoc — https://etherpad.wikimedia.org/p/container-cabal
 * Should store these notes some place public — mw.org? Wikimedia_Release_Engineering_Team/Deployment_pipeline
 * Services requirements - https://phabricator.wikimedia.org/T158015
 * RelEng requirements - https://docs.google.com/document/d/1_6uJCQ9UttAb0hQ3upwOE8wrCiADs-x-VuyHMbjZYo0/edit#heading=h.a3hyhu5bz40v

Last Time

 * ./service-runner.js generate -t
 * Dumps a dockerfile that's entrypoint is
 * Dockerfile + node version manager
 * Mathoid POC task
 * Needs to be broken down further, I think

Next

 * Mathoid
 * Testing dockerfile

Dockerfile

 * Currently installs from nvm
 * could be installed from a base image
 * i.e. specific images for the node version
 * Could use package.json spec for php
 * hhvm vs php5 vs php7


 * Images in testing vs images in production pipeline
 * Differences of note:
 * hipdump installed for all services (with chrome) -- not in testing
 * npm deduplication (see also npm shrinkwrap)


 * Dockerfiles are not the abstraction for repo maintainers

Images
Need a registry and some base image.


 * Questions for operations
 * What do the base images look like? How are they created? Are they signed?
 * Re: Some Build Manifest Abstraction, do we limit package installation from certain apt sources?
 * What do they need from this pipeline
 * Base image updates trigger new builds/tests/everything
 * Example: firejail updates
 * Currently manual testing in beta and rollout

= As Always =
 * Release Pipeline Workboard