Re: Jenkins

[Alex Harui]

AIUI, you can automate everything except the verification and PGP signing.  The 
building and packaging doesn't have to be done on computers under the RM's 
control, but before the RM applies his/her PGP signature, the RM must convince 
themselves that the artifacts they are signing are correct and safe.  IMO the 
way to do that is to download the artifacts to a computer under the RM's 
control that has the RM's PGP key on it, and then run some sort of tests before 
signing.  For the source package, it can be as simple as checking out the tag 
into another folder and doing a diff.  For binaries it is much harder, but with 
the trend towards reproducible binaries, I believe it is now practical.

But then the RM has a pile of signed artifacts on some computer that has to be 
uploaded to the distribution servers.  A script can help with that, though.

HTH,
-Alex

On 12/12/19, 2:55 AM, "Gabriel Beims Bräscher" <gabr...@apache.org> wrote:

    Hello,
    
    I am an Apache CloudStack PMC/Committer.
    
    One of the goals that we at CloudStack have is to automatically build 
    packages and update our mirrors whenever a new release is launched.
    I worked as release manager for CloudStack 4.12.0.0 (non-LTS) and 
    assisted on 4.13.0.0 (LTS), In both cases I executed the building 
    process manually (build all the deb and rpm packages and make them 
    available at the ACS repository mirror). It would be great to make it 
    automated.
    
    With that in mind I am wondering If is there a way to set up Jenkins. 
    Additionally, I work at PCextreme and as a cloud provider we would be 
    happy to donate resources (virtual machine(s)), if necessary to run such 
    jobs.
    
    Thanks for all the help!
    Best regards,
    Gabriel.
    
    -- 
    Gabriel Beims Bräscher
    Apache CloudStack Committer/PMC
    The Apache Software Foundation
    
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.apache.org%2F&amp;data=02%7C01%7Caharui%40adobe.com%7C2776a1f593ae42724ff208d77ef1bc38%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637117449021619621&amp;sdata=rJarxm3rQh2Kh9oirMkQWWISQ4WquxJrO6Jr%2F2chWak%3D&amp;reserved=0
    
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcloudstack.apache.org%2F&amp;data=02%7C01%7Caharui%40adobe.com%7C2776a1f593ae42724ff208d77ef1bc38%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637117449021619621&amp;sdata=jCkeUb804f7jntV9hCgVCa7cIS6MjKuN%2B4NLqgOyzIc%3D&amp;reserved=0