JuiCI
JuiCI is a CI server that has a notion of queuing and priority.
It's designed to work well with agent99 but will play nicely with most frontends to CI.
Features
- callbacks are created as builds are requested
- Builds are executed sequentially in a series of parallel queues.
- Queues can be dynamically created
- Build status visualised
Important but Miscellaneous
If you create child process in modules/plugins then you need to register your disinterest or JuiCI will think they're builds and that would be bad
Setup
JuiCI is deliberately very light on the setup front.
bundle install
bundle exec bin/juici
is all you need to have a working instance (provided that you have mongo installed)
Usage
JuiCI chooses to be very "Mongo" (which is an adjective now), in that you don't need to formally create a project. Just request a build; however this means that on your first build you will need to send the commands to create your test environment)
Example:
curl --data-ascii @/dev/stdin <<EOF
payload={"environment":{
"SHA1":"e8b179f75bbc8717c948af052353424d458af981"},
"command":"[ -d .git ] || (git init .; git remote add origin git://github.com/richo/twat.git); git fetch; git checkout $SHA1; bundle install; bundle exec rake spec"
EOF
Using a convention like script/cibuild
as in janky/hubot etc is advisable,
although bear in mind that the logic to checkout the repo will need to be
seperate.
Priority
JuiCI supports the notion of priority. Builds given without a priority will be assigned priority 1 (to allow for marking a build as less important with priority 0).
If juici recieves a new build with priority higher than any currently unfinished, it will pause whatever it's doing and build the new project. If there is a tie for priority, a FIFO queue is assumed.
JuiCI uses SIGSTOP
and SIGCONT
internally for job control.
Hooks
You may specify one or more callbacks when you request a build. They will be called with an (as yet unformalised) json body as the body if/when the build reaches that state. Alternately you may specify "any" as the callback state and it will be called on all state changes.
Security
JuiCI poses some interesting security conecerns. First off, it will allow anyone with access to run arbitrary commands on your server. I have deliberately not implemented any kind of security inside JuiCI, it plays nicely as a Rack application, and middlewares are much better suited to this task.
It should go without saying, but any builds started by JuiCI will inherit its environment. This means that if you run it in dev mode and forward your ssh agent, builds can ssh to other machines as you!
When running in production you should take steps to ensure that the user JuiCI runs as is no more privileged than it needs to be, and sanitise its environment before execution.
A note on subprocesses
JuiCI by default invokes everything in a subshell- indeed this is the only way to approach this if you want to execute more than one command.
What this means to you as the user though is that unless you go to lengths to
specifically implement it, your process won't see any of the signal handling
madness. The shell(/bin/sh
) will see everything, and if killed, your
processes will become orphaned, but carry on.
Contact
JuiCI's code lives on Github and the author can be contacted on Twitter