I’m pleased to announce the release of Buildbot 1.3.0.
This month has been relatively quiet in terms of contributions to Buildbot. Several bugfixes and support for ssh public key authentication for git have been contributed. As the author of the latter, I received a kind invitation to write a blog post about my use case.
I was first introduced to Buildbot when working at Unity Technologies, which has been maintaining a fork of Buildbot called Katana that powers the entire internal build infrastructure, running tens of thousands of builds a week. With this background, Buildbot was an obvious choice for my own personal projects.
Support for ssh public key authentication was important for the continuous integration infrastructure of the libsimdpp project. The library is tested on a wide variety of environments, currently more than 50, some of which are Linux distributions first released almost 10 years ago. This makes authenticated cloning of git repositories harder than it needs to be, because Buildbot currently can only use https authentication when cloning git repositories. That requires proper certificates to be included in the workers and continuously updated, which is an additional maintenance burden. After finding out that other people need ssh public key authentication too, I decided to improve Buildbot to support this feature.
Conceptually, ssh public key authentication is relatively simple to implement. The authenticating party must have the private key file and supply it to the ssh command via a command line option when establishing the connection. In practice, my situation was a little more complicated, because this command line option had to be supplied through git, and ancient versions of git needed to be supported. Thus, depending on the version of git, one of several ways of supplying the required data is used, with a wrapper script specified via the GIT_SSH environment variable as the ultimate fallback.
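The version-dependent selection described above can be sketched as follows. This is an added example, not Buildbot's own implementation: the function names, file names and the IdentitiesOnly option are assumptions, and the version thresholds (core.sshCommand from git 2.10, GIT_SSH_COMMAND from git 2.3) come from git's release history rather than from this post.

```python
import os
import re
import shlex
import tempfile

def parse_git_version(output):
    """Turn `git --version` output into a comparable (major, minor, patch) tuple."""
    m = re.match(r"git version (\d+)\.(\d+)(?:\.(\d+))?", output.strip())
    if not m:
        raise ValueError("unrecognised git version output: %r" % output)
    return tuple(int(g or 0) for g in m.groups())

def write_private(path, text, mode):
    # O_EXCL refuses to reuse an existing file; the mode applies from creation,
    # so the key is never readable by other users, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as f:
        f.write(text)

def git_ssh_setup(version, key_data, workdir):
    """Write the key into workdir and return (extra git args, extra env)."""
    key_path = os.path.join(workdir, "ssh-key")
    write_private(key_path, key_data, 0o400)
    # -i selects the key; IdentitiesOnly (an addition here) stops ssh from
    # offering agent or default keys before it.
    cmd = "ssh -i %s -o IdentitiesOnly=yes" % shlex.quote(key_path)
    if version >= (2, 10, 0):      # per-invocation config, nothing in the env
        return ["-c", "core.sshCommand=" + cmd], {}
    if version >= (2, 3, 0):       # environment variable holding a command line
        return [], {"GIT_SSH_COMMAND": cmd}
    # Ultimate fallback: GIT_SSH must name a program, so wrap ssh in a script
    # that passes git's own arguments (host, remote command) through.
    wrapper = os.path.join(workdir, "ssh-wrapper.sh")
    write_private(wrapper, '#!/bin/sh\nexec %s "$@"\n' % cmd, 0o700)
    return [], {"GIT_SSH": wrapper}

if __name__ == "__main__":
    # Constructed sample inputs: version strings and a placeholder key body.
    for out in ("git version 1.7.1", "git version 2.3.0", "git version 2.17.1"):
        with tempfile.TemporaryDirectory() as d:
            args, env = git_ssh_setup(parse_git_version(out), "PLACEHOLDER\n", d)
            print(out, "->", args, env)
```

The key file and wrapper live only in the per-build directory, so removing that directory after the git command finishes removes the key material from the worker.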
The feature integrates with the secret manager. The private ssh key may be supplied as a Secret, which is later rendered to retrieve the actual key data. This allows the private keys to be stored in a dedicated secret storage outside of the master. Consequently, not only is the security of the keys improved, but it is also much easier to manage them from a single centralized location.
In retrospect, contributing to Buildbot was a very pleasant experience. The code base has very good test coverage, which let me be confident that most errors would be caught. Thanks to all Buildbot contributors!
Full details of changes in Buildbot 1.3.0 can be found in the release notes.
git shortlog --no-merges -ns v1.2.0...v1.3.0
29 Povilas Kanapickas
8 Pierre Tardy
5 Chih-Hsuan Yen
1 Micael Oliveira
1 Robin Jarry