Set up a Docker image with compiler explorer so we have a long-lived/consistent image for easy development
Categories
(Developer Infrastructure :: Source Code Analysis, task, P4)
Tracking
(Not tracked)
People
(Reporter: tjr, Assigned: tjr)
References
Details
|
||
Comment 1•5 years ago
|
||
I see there is https://github.com/madduci/docker-compiler-explorer, which seems to be working.
Tom: do we have a specific use-case or need that warrants a fork / copy, here? If so, I think this bug needs updating.
Btw, there's a very minor issue with the Docker image, that I've filed a pull request for[1]. I'm using that pull request to test how well-maintained the docker image is :-)
[1] (The issue is that the compiler-explorer repo has moved URL. I consider this very minor because GitHub provides redirects for repositories that are moved between account and teams. See https://github.com/madduci/docker-compiler-explorer/pull/2 for status)
|
|
||
Comment 2•5 years ago
|
||
(PR was merged)
|
Assignee | |
Comment 3•5 years ago
|
||
There were a few things we wanted. Here's the RRA.
- We had talked about restarting the Docker container every X hours to wipe it fresh. I'm not really sure of the value of this, given if the container can be compromised, it can be re-compromised.
- We wanted a notification that data should ideally not be saved to the server via the 'Share' feature, and a warning that it may be wiped at any time.
June, was there some other modification(s) we cared about?
|
||
Comment 4•5 years ago
|
||
I think there were also some changes to Compiler Explorer that we needed.
These two have since been merged:
https://github.com/compiler-explorer/compiler-explorer/commit/e1188d1a36533d7b0521ff3de51ef447ddfd28d3
https://github.com/compiler-explorer/compiler-explorer/commit/bb66b63746272daf9c2deadfc67f1ebb3a050cef
And this one which hasn't been:
https://github.com/steveire/compiler-explorer/commit/d28d7dc6f9a696b1188d4235fd885badb5d227c3
|
|
||
Comment 5•5 years ago
|
||
Also, some of the revisions from https://reviews.llvm.org/people/revisions/526/ but I don't remember which of these are the clang-query improvements we wanted to use as I haven't been keeping up with what's going on there
|
|
||
Comment 6•5 years ago
|
||
OK, that's useful. It seems I was missing a lot of context here. (Until comment 3 I was expecting the docker image to be used on the developer's machine for individual testing and did not know and didn't know we want this hosted on Mozilla infra)
Looking at the RRA, I suppose we'd solve a lot of the issues if we put this behind SSO and required permissions (e.g., either request an access group for this machine or become inventive with existing flags, e.g., L1, L3 access, holly access and whatnot).
AFAIU that would allow us not to wipe things and wouldn't require off-tree patches that bodge warnings on top of the share feature.
|
|
Assignee | |
Comment 7•5 years ago
|
||
(In reply to Frederik Braun [:freddy] from comment #6)
Looking at the RRA, I suppose we'd solve a lot of the issues if we put this behind SSO and required permissions (e.g., either request an access group for this machine or become inventive with existing flags, e.g., L1, L3 access, holly access and whatnot).
I think L1 access would certainly be sufficient. If you want to investigate how to put it behind SSO go for it, but that seemed like a lot of work to me....
|
|
||
Comment 8•5 years ago
|
||
I think there was a way to "just" throw a reverse proxy on a service. I'll find out.
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 9•4 years ago
|
||
The Repo this is being on in is https://github.com/mozilla-services/civet-docker
|
|
||
Comment 10•4 years ago
|
||
Why do we need this? What benefits brings this to us?
|
|
Assignee | |
Comment 11•4 years ago
|
||
(In reply to Andi-Bogdan Postelnicu [:andi] from comment #10)
Why do we need this? What benefits brings this to us?
In general, developing a static analysis query is way easier in an interactive way using Compiler Explorer than setting up a toolchain and environment locally.
As far as running our own vs godbolt; godbolt only has clang-query trunk; which may not behave the same way as our own static analysis toolchain. By running our own we can slim down CE to the tools we care about (vs their tremendous overwhelming list of compilers+tools), make sure we match the versions correctly, and match any local patches that are valuable to apply. Plus customize CE to our needs - so far all the workflow-bandaid patches to CE I've made have been happily accepted upstream but that may not always be the case.
|
|
Assignee | |
Comment 13•4 years ago
|
||
No, while we have a dev instance running, we still need to do the RRA, set up the domain name, and deploy it in production
|
|
Assignee | |
Comment 14•4 years ago
|
||
I'm going to call this done with the puppet config we have at https://github.com/mozilla-services/civet-docker
|
||
Updated•3 years ago
|
Description
•