On Mar 15, 2018, at 07:00, db wrote:
> On 15 Mar 2018, at 05:13, Ryan Schmidt wrote:
>> Because PRs come from untrusted sources, we have to assume their contents 
>> are tainted. So after any PR is finished building, the VM is tainted and we 
>> have to throw it away and make a new one from our template for the next PR 
>> build.
> 
>> On Mar 14, 2018, at 07:25, db wrote:
>>> Otherwise, you could make the machines sync to the packages public server 
>>> for the distributable, and to a private server for the non-distributable 
>>> binaries.
>> I can't find an interpretation of that sentence that helps to solve the 
>> prepopulation problem.
> 
> I didn't know how you handled the templating.

We have nothing set up for this yet, so currently we don't handle it at all. I 
was merely mentioning some of the issues that have occurred to me since I've 
been thinking about this problem.

> Couldn't you just prepopulate the cloned VM, take a snapshot, build the PR, 
> restore the snapshot, eventually, delete the snapshot, update outdated, then 
> retake it?

I don't know. I had not considered snapshots as part of the solution.

If we use snapshots, we may not need to use templates. We just take a snapshot 
of a clean fully set-up VM and start the build from there. Then restore to that 
snapshot after the build.

If you're suggesting that periodically updating that VM should be automated, 
there's a lot to think about. If there is to be an automated (e.g. daily) task 
that deletes the snapshot, updates outdated ports, and makes a new snapshot, 
that would have to happen while no PR builds are building. If we made this 
daily update a buildbot task, it can probably arrange for that. We would also 
have to either automate or allow for the possibility of manually updating the 
OS, Xcode, Java.

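The snapshot cycle discussed in this thread (build the PR, always restore, refresh the snapshot only while no PR build is running), as an added example that is not part of the original message or the project's tooling. It is an in-memory model: the class `SnapshotBuildVM`, its methods, and the package dictionary are hypothetical stand-ins for real hypervisor snapshot calls.

```python
import threading
from contextlib import contextmanager


class SnapshotBuildVM:
    """In-memory model of one build VM (hypothetical; no real hypervisor calls)."""

    def __init__(self, packages):
        self._lock = threading.Lock()      # held for a whole build or refresh
        self.packages = dict(packages)     # current disk state of the VM
        self.tainted = False               # True once untrusted PR code has run
        self._snapshot = dict(packages)    # the clean, fully set-up state

    @contextmanager
    def _exclusive(self, what):
        # Non-blocking on purpose: a refresh must be refused, not queued
        # behind a running PR build whose state is still on disk.
        if not self._lock.acquire(blocking=False):
            raise RuntimeError(f"VM busy, cannot start {what}")
        try:
            yield
        finally:
            self._lock.release()

    def restore(self):
        # Discard everything the build changed and return to the snapshot.
        self.packages = dict(self._snapshot)
        self.tainted = False

    def build_pr(self, pr_build):
        with self._exclusive("PR build"):
            self.tainted = True            # untrusted code is about to run
            try:
                return pr_build(self)
            finally:
                self.restore()             # roll back even if the build fails

    def refresh(self, updates):
        # The periodic task: update outdated packages, then retake the snapshot.
        with self._exclusive("snapshot refresh"):
            if self.tainted:
                raise RuntimeError("refusing to snapshot a tainted VM")
            self.packages.update(updates)
            self._snapshot = dict(self.packages)
```

The taint check in `refresh` matters only if a restore was skipped or failed; without it, one missed rollback would bake PR-controlled state into every later build.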