
[CI] Add support for running website containers
ClosedPublic

Authored by Fabien on Apr 10 2023, 15:59.

Details

Reviewers
sdulfari
Group Reviewers
Restricted Project
Commits
rABCcffb0a48d9b6: [CI] Add support for running website containers
Summary

This is a first step toward building on-demand temporary website hosting as a preview. A config for e.cash is added to demonstrate the feature.

Note 1: you need to install the at utility for the preview feature to work.
Note 2: For now there is no port mangling, which means that you have to wait for the preview to expire before starting another one.

Test Plan
./contrib/teamcity/build-configurations.py preview-e.cash

Navigate to localhost:3000 and check the website renders.

Diff Detail

Repository
rABC Bitcoin ABC
Branch
ci_preview
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 23148
Build 45915: Build Diff
Build 45914: arc lint + arc unit

Event Timeline

Fabien requested review of this revision.Apr 10 2023, 15:59
sdulfari requested changes to this revision.Apr 10 2023, 20:43
sdulfari added a subscriber: sdulfari.

Have you considered using docker-compose instead? That way, you won't have to include all of that config logic in build-configurations.py and you get benefits like automatic port mapping support.

Another concern that is not really addressed here is the web preview can exfiltrate sensitive environment variables from CI. I'm just going to assume sensitive keys are on all CI machines, so:

  1. If the tag_name is accessible within the docker container, I can already exfiltrate env variables with this patch unchanged if YML supports something like "$ENV_VAR" as the name.
  2. docker-compose would actually make this worse since you can pass env variables through the compose config. Might need to reject configs that have these set.

If docker-compose is not a good option due to these concerns, then we should at least call that out as part of the rationale for doing the config from scratch.

contrib/teamcity/build-configurations.py
181

This needs to restrict the context to paths under the git directory, otherwise I could exfiltrate private keys from ~/.ssh for example.

This revision now requires changes to proceed.Apr 10 2023, 20:43
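As an added illustration of the two checks raised in this review (not code from the Bitcoin ABC repository or from this revision): resolving a configured build context against the repository root and rejecting anything that escapes it, and rejecting config entries that would hand host environment or files to the container. The config key names (`context`, `tag_name`, `environment`, `env_file`, `volumes`) and the function names are assumptions modelled on compose-style files, not the project's actual schema.

```python
"""Added example: validating a website-preview config before `docker build`.

Illustrative code, not build-configurations.py from the Bitcoin ABC
repository. Config key names (context, tag_name, environment, env_file,
volumes) are assumed, modelled on compose-style files.
"""
import re
from pathlib import Path

# Keys that would hand host state (environment, files) to the container.
# Assumed key names; reject them outright rather than try to sanitise.
FORBIDDEN_KEYS = frozenset({"environment", "env_file", "volumes"})

# Docker image tag grammar: letters, digits, "_", ".", "-" only. A "$" can
# never pass, so a tag cannot be shell-expanded into a host variable even
# if it later ends up on a command line.
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")


class PreviewConfigError(ValueError):
    """Raised when a preview config could reach outside the repository."""


def resolve_context(repo_root, context):
    """Return the absolute build context, or raise if it escapes repo_root.

    `..` components, absolute paths and symlinks are all resolved before the
    containment check, so ~/.ssh cannot be reached by any of those routes.
    """
    root = Path(repo_root).resolve()
    # Joining with an absolute `context` discards `root` entirely, which is
    # exactly why the containment check below is needed.
    candidate = (root / context).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PreviewConfigError(
            f"context {context!r} resolves to {candidate}, outside {root}"
        ) from None
    return candidate


def validate_preview_config(repo_root, config):
    """Check one preview entry and return the values safe to pass on."""
    bad = FORBIDDEN_KEYS.intersection(config)
    if bad:
        raise PreviewConfigError(f"config passes host state via {sorted(bad)}")
    tag = str(config.get("tag_name", ""))
    if not TAG_RE.fullmatch(tag):
        raise PreviewConfigError(f"invalid image tag {tag!r}")
    context = resolve_context(repo_root, str(config.get("context", ".")))
    return {"tag_name": tag, "context": str(context)}


def is_valid_preview_config(repo_root, config):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_preview_config(repo_root, config)
    except PreviewConfigError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample entries: one legitimate, four that must be rejected.
    samples = [
        {"tag_name": "preview-ecash", "context": "web/e.cash"},
        {"tag_name": "preview-ecash", "context": "../../home/ci/.ssh"},
        {"tag_name": "preview-ecash", "context": "/home/ci/.ssh"},
        {"tag_name": "$CI_SECRET", "context": "web/e.cash"},
        {"tag_name": "preview", "context": ".", "environment": {"X": "y"}},
    ]
    for entry in samples:
        print(is_valid_preview_config("/srv/bitcoin-abc", entry), entry)
```

The containment check deliberately runs after `resolve()` so that a symlink committed inside the repository that points at a directory outside it is rejected the same way a `..` path is; checking the textual path alone would miss that case.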

Yes I did consider using docker-compose but it's not a good fit for that purpose. First there is very little configuration involved (no volume, no network) and regarding the port I will need to generate a random one at each call so several previews of the same website can run simultaneously (from different diffs).
Regarding security, there is no way that I know of to extract environment variables with the current patch because the host variables are not available from the container (and not interpreted from the yaml). But you have a very good point regarding the context, which should definitely be limited to the scope of the repo.
Another note: I plan to make this a bot command only available to ABC devs to avoid abuse, but that will also make it harder to exploit.

Disallow context outside of the project root scope.

This revision is now accepted and ready to land.Apr 11 2023, 06:19