Move backend for CDN to S3 or similar #35
Comments
|
salt states that "build" bootstrap.pypa.io's assets: https://github.com/python/psf-salt/tree/master/salt/pypa/bootstrap |
|
The main "problem" with that, which isn't really a problem problem, just something to solve is currently the setup pulls from repositories, so we don't need to distribute secrets anywhere (other than VCS secrets, which we need anyways). Switching to a push based model would mean that we need to distribute S3 keys to all of the projects that are currently publishing to bootstrap.pypa.io. Another option might be to only support Github repositories as a source of truth, and use lambda to listen for push hooks from GitHub, and automatically fetch and upload to S3 in response to them? |
|
This should be a bit easier now with GitHub Actions, which can take care of the triggering and holding secrets. An example of uploading to an s3 bucket on push can be found here. |
Currently bootstrap.pypa.io's backend is a VM, which has some flexibility in managing how bootstrap.pypa.io is "put together", which is susceptible to all the failings of kernel panics and misconfiguration that can lead to outages.
It might be worth considering migrating the generation of the files to be the responsibility of CI and syncing the result to S3. This would likely be more reliable than even spinning up a second host and would certainly be cheaper.
Ref #34
The text was updated successfully, but these errors were encountered: