Opened 5 weeks ago

Last modified 3 weeks ago

#33948 accepted task

Setup a new nightly build machine

Reported by: boklm Owned by: sysrqb
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam202004
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I am currently running nightly builds at http://f4amtbsowhix7rrf.onion/. I think someone else from Tor Browser team should setup a new nightly build machine.

To do that the ansible scripts in directory tools/ansible can be used:
https://gitweb.torproject.org/builders/tor-browser-build.git/tree/tools/ansible

You will need to:

  • if the host does not have a public IP address, you can install tor and setup an onion service on the http port (this part is not done in ansible)
  • add a new host in the inventory file
  • configure this host in your ~/.ssh/config file if necessary (if the hostname added to the inventory file is not a real hostname), and make sure that you can connect to the host with ssh root@$hostname
  • copy the file boklm-tbb-nightly-build.yml to an other name
  • copy the directory group_vars/boklm-tbb-nightly to another group name, and update the configuration in tbb-nightly-build.yml
  • configure email on the host. This can be done in ansible with the file dma.yml. The email password (if needed) is stored encrypted in dma-auth.yml in the directory vaulted_vars (see https://docs.ansible.com/ansible/latest/cli/ansible-vault.html), and the password to decrypt the vault is passed with the --vault-password-file argument in the Makefile (maybe it's also possible to store dma-auth.yml outside tor-browser-build.git without using vault). Alternatively you can configure email on the host without using ansible, by removing the mta role from the *-tbb-nightly-build.yml file.
  • in the Makefile add a new *-tbb-nightly-build rule
  • run "make *-tbb-nightly-build"
  • if you enabled nightly_build_sign_build in tbb-nightly-build.yml, connect to the host and become the tbb-nightly user and generate a new gpg key (the key is not created automatically by ansible)

Child Tickets

Change History (2)

comment:1 Changed 4 weeks ago by boklm

#33803 is related.

comment:2 Changed 3 weeks ago by sysrqb

Owner: changed from tbb-team to sysrqb
Status: newaccepted
Note: See TracTickets for help on using tickets.