On 31/05/2019 at 17:39, Uwe L. Korn wrote:
>
>
> On Fri, May 31, 2019, at 12:11 AM, Antoine Pitrou wrote:
>>
>> On 30/05/2019 at 22:39, Uwe L. Korn wrote:
>>> Hello all,
>>>
>>> Krisztián has been lately working on getting Buildbot running for Arrow.
>>> While I have not yet had the time to look at it in detail, what would hinder
>>> us using it as the main Linux builder and ditching Travis except for OSX?
>>>
>>> Otherwise I have lately made really good experiences with Gitlab CI
>>> connected to Github projects. While they only offer a comparatively small
>>> amount of CI time per month per project (2000 minutes is quite small in the
>>> Arrow case), I enjoyed that you can connect your own builders to their
>>> hosted gitlab.com instance. This would enable us to easily add funded
>>> workers to the project as well as utilise special hardware that we would
>>> not otherwise get in public CI instances. The CI runners ("workers") are
>>> really simple to set up (it took me on Windows and on Linux less than 5 min
>>> each) and the logs show up in the hosted UI.
>>
>> Are there any security issues with running self-hosted workers?
>> Another question is whether Gitlab CI is allowed on Github repos owned
>> by the Apache Foundation (Azure Pipelines still isn't).
>
>
> The security implications are the same with any self-hosted, Docker-based CI:
> There are certain chances people can escape the docker sandbox and do nasty
> things on the host. Thus we shouldn't store any additional credentials on the
> host except what is needed to connect to the gitlab master.
>
> I'm not sure about the requirements from Gitlab for the integration. They
> provide a hook for the CI status and a full-blown sync integration. The
> latter really wants all-access, which the ASF INFRA won't grant; for the former
> we may not even need INFRA, but I have to look deeper into that.
Would be nice if you could take a look IMHO :-)
Regards
Antoine.