Our deployment servers are where the code for MediaWiki is "prepared", including:
- mediawiki releases
- security patches
- private settings
- localization cache
using scap. We would like to allow building our images outside of CI and as an integral part of preparing the code for deployment.
To this end, I think the easiest way to go about this is:
- Install docker on the deployment servers (check for space/filesystem constraints)
- Install the docker-pusher wrapper to allow pushing images via sudo from a mwbuilder user
- Install a copy of mediawiki/tools/release under /srv/mwbuilder/release
- Create a sudo rule allowing people in the deployment-ci-admins group to run /usr/local/bin/update-mediawiki-tools-release as mwbuilder (to allow updating the tools/release source code) - this is the same group as contint-admins.
- Create a sudo rule allowing people in the deployment group to run /usr/bin/make -C /srv/mwbuilder/release/make-container-image -f Makefile *
- Make scap (eventually, when it will be how we fetch code in production) and/or a git hook trigger the rebuild sudo'ing to the correct user
- Possibly write the file with the image versions to consume for deployments.
- Reduce verbosity of image build process. It's overwhelming.
- Measure impact of image build time (first train of the wiki and followup commits).
- Figure out interaction with sync-dir and sync-file (possibly deprecating these commands).
- Set build_mw_container_image to True in /etc/scap.cfg
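
The two sudo rules from the list above, written out as a sudoers drop-in. This is an added example, not configuration from the task or from the Wikimedia puppet repository. The file name, the `ALL` host specification, running the make rule as mwbuilder, the empty-argument restriction on the update script, and the `TARGET_PLACEHOLDER` target name are all assumptions.

```sudoers
# /etc/sudoers.d/mwbuilder   (file name is an assumption)
# Check syntax before installing: visudo -cf /etc/sudoers.d/mwbuilder

# Rule 1: members of deployment-ci-admins may update the tools/release
# checkout as mwbuilder. The trailing "" tells sudo to accept the command
# only when it is run with no arguments (assumes the script needs none).
%deployment-ci-admins ALL = (mwbuilder) /usr/local/bin/update-mediawiki-tools-release ""

# Rule 2, as worded in the task: members of deployment may run the image
# build Makefile. Run-as user mwbuilder is an assumption; the task only
# says "the correct user".
# sudoers matches the arguments as one concatenated string, so the trailing
# "*" also matches across spaces: any further make options or variable
# assignments are accepted, not just a single target name.
%deployment ALL = (mwbuilder) /usr/bin/make -C /srv/mwbuilder/release/make-container-image -f Makefile *

# Tighter alternative to rule 2: list each permitted invocation exactly.
# TARGET_PLACEHOLDER is hypothetical; substitute the real Makefile targets.
# Cmnd_Alias MW_IMAGE_BUILD = \
#     /usr/bin/make -C /srv/mwbuilder/release/make-container-image -f Makefile TARGET_PLACEHOLDER
# %deployment ALL = (mwbuilder) MW_IMAGE_BUILD

# If scap or a git hook triggers the build non-interactively, the rule that
# is kept would also need the NOPASSWD: tag before the command.
```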