Project Information
- Name of project: new CI
- Project home page: https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/CI_Futures_WG
- Name of team which owns the project: Release Engineering
- Primary contact for the project: @LarsWirzenius
- Target date for deployment: 2020
- Link to code repository: n/a
- Is this a brand-new project: yes
- Has this project ever been reviewed before: no
- Has any risk assessment (STRIDE, etc.) been performed: in progress, see https://phabricator.wikimedia.org/T240679
- Is there an existing RFC or has this been presented to the community: kind of, blog posts in Phame
- Is this project tied to a team quarterly goal: yes
- Does this project require its own privacy policy: no?
Description of the project and how it will be used
We need to replace the existing CI system at the foundation.
https://www.mediawiki.org/wiki/User:LarsWirzenius/NewCI has our current thinking of what the new system will look like, except it doesn't include the fact that we'd like to use Argo on Kubernetes.
Description of any sensitive data to be collected or exposed
None, hopefully. But CI will build artifacts for deployments, which means it's an avenue for attack.
Technologies employed
- Kubernetes
- Argo
- Go
- Gerrit
Dependencies and vendor code
- some K8s cluster, possibly hosted by a commercial provider
- Gerrit
Working test environment
We don't have this yet, but we can set something up if need be.
Scoping Question 1: Do you have a final candidate list of new technologies that will be introduced within the new CI/CD and what those technologies will replace within the existing system? It's unclear from the various pieces of documentation where Releng is at in their selection process and we'd like to have this narrowed down to as small a list as possible prior to any review.
We're currently aiming at using Argo (https://argoproj.github.io/) running on Kubernetes, until and unless that turns out to be inadequate or unsuitable. The other two candidates we were considering at the end were Zuul v3 and GitLab CI, but those are not being actively considered at the moment.
Scoping Question 2: Can you clarify the specifics of the testing and staging environments from the image promotion pipeline? Where will these environments exist and who will be the ostensible maintainers of said environments?
I'm afraid testing and staging environments are unclear for now: we don't yet know where and how and by whom, or even if, they will be implemented.
Scoping Question 3: This comment within the task description - some K8s cluster, possibly hosted by a commercial provider - seems to imply the potential for SaaS/PaaS options. Is this still being considered? Can we get a sense of what systems and services would be candidates for such an option?
A commercial K8s provider is definitely being considered. We've mostly been talking about GKE, but haven't formally considered the options. The idea that we wouldn't use WMF K8s came up late in the process, at TechConf.