How to expose an OSS build server?

time to read 1 min | 89 words

I just finished setting up a build server for Rhino Tools. Ideally, I want it to be publicly accessible, and have people download the build artifacts after each build. However, CC.Net is not something that you want to just expose to the web. It has no security model (any random Joe can just start a build, hence DOS).

Any suggestions?

I should note that anything that involves significant amount of time is going to be answered with: "Great, when can you help me do that".

Tweet Share Share 26 comments

Tags:

Open Source

Comments

17 Sep 2008
04:46 AM

Rob Conery

JetBrains TeamCity yo! It's free and groovy...

http://blog.wekeroad.com/2008/01/27/source-control-and-continuous-integration-on-the-cheap/

17 Sep 2008
04:50 AM

Ayende Rahien

I have tried that, but I don't think it is the solution. I need a way to publish state of builds, and get their artifacts, not the CI itself.

17 Sep 2008
04:59 AM

Nick

I agree TeamCity is the greatest. So easy to setup new builds, expose artifacts... Pretty much is the greatest cc build tool I have seen.

17 Sep 2008
06:04 AM

Chad Myers

@Ayende:

Hrm, I can't remember off the top of my head, but I think CC.NET and TeamCity both have the ability to run post-successful-build command-line scripts.

Could you just have it/them FTP the artifact to your web server somewhere?

17 Sep 2008
06:06 AM

josh

are you talking about the build status reports? if so, I believe there is a ccnet plugin that will output the status to an html file which can be on a web server of course. I have a ccnet server running at home and at work; and the one at work might be using that plugin. I'll check tomorrow.

17 Sep 2008
06:19 AM

Ayende Rahien

I am talking about the build report and the build artifacts.

I know I can just copy them somewhere, I am trying to see if there is a good story around that.

17 Sep 2008
06:20 AM

Ayende Rahien

The plugin name would be very welcome

17 Sep 2008
06:28 AM

Just create 2 virtual directories:

First is CC.NET and has anonymous access disabled

Second is the build artifacts directory has anonymous access enabled

17 Sep 2008
06:39 AM

josh

Maybe I'm thinking of another build system.. don't find the one single plugin I thought existed. I'll check my work CI tomorrow. In the meantime. you can do it with a little XSL and ccnet features..

xsl plugin to transform xml reports by ccnet:

http://ccnet.sourceforge.net/CCNET/XSL%20Report%20Build%20Plugin.html

publish the file:

http://ccnet.sourceforge.net/CCNET/Build%20Publisher.html

some help:

http://ccnet.sourceforge.net/CCNET/index.html

17 Sep 2008
06:40 AM

josh

have you tried asking hammet or one of the castle guys (like you ;) how the castle build server outputs status?

http://builds.castleproject.org/cruise/index.castle

17 Sep 2008
06:47 AM

Sergey

Example of Exposed TeamCity

http://teamcity.jetbrains.com/overview.html

17 Sep 2008
07:04 AM

Patrick De Boeck

FTP your artifacts using MSBuild to your online server, but keep the CI private

17 Sep 2008
07:25 AM

Torkel

I am also interested in this, I just configured a ccnet server on a public server and was also hit by the lack of security.

How does the castle build handle this? Also teamcity looks good, and the professional licence is free, did not know that, I will try it!

17 Sep 2008
07:57 AM

Ryan Roberts

The CI factory fork of ccnet has some minimal security built in. Hudson is another possibility that's nearly as simple to get going as teamcity.

17 Sep 2008
08:25 AM

Peter Mounce

Thoughtworks Studios' Cruise.

5 minutes to set up
XML config, but easy XML
Basic security model; I think you can then restrict people from DOS'ing (I haven't needed to look beyond "oh, basic security exists")
Publish artifacts via RESTful API
Split build ("pipeline") up into stages containing parallelisable jobs (decrease complexity of build scripts, at the cost of (if more than one agent being used) pushing artifacts to and from the server)
Free for 2 build agents

17 Sep 2008
12:17 PM

ruben Willems

Security is in the pipeline for ccnet,

we hope to get it in the next release 1.4.1?

somewhere in the next months.

17 Sep 2008
13:02 PM

Eric Hauser

Isn't http://builds.castleproject.org/ what you are looking for? I'm not sure how the out is produced, but it is obviously based off of CC.NET.

17 Sep 2008
14:17 PM

Rinat Abdullin

You can disable starting builds from the dashboard (and use commit-line switches to let people control the builds).
Dashboard can be secured completely by IIS Authentication and you can keep the XmlServerReport.aspx public to let CCTray connect in read-only mode.
If you copy the artifacts and the other projects deliverables to some Distrib/[BuildLabelName] folder, just make this folder available through the FTP.
Just run everything on the VM and you should close the majority of threats from script-through-SVN.

17 Sep 2008
23:34 PM

dave

Ditto the 2 virtual directories idea. Easy peasy.

18 Sep 2008
14:15 PM

Dave

Not sure if this will be helpful (since it's also one of those "copy build artifacts" solutions), but our build automatically commits build artifacts to a SVN tag in a special repository (which can use different permissions). Since every successful build does this, we have a complete history of our build's outputs available through the standard SVN interface... Pretty easy to implement, too.

18 Sep 2008
20:08 PM

Rinat Abdullin

Dave,

what's the point?

You still can produce exactly the same binaries on any machine, if you know the revision, cannot you?

19 Sep 2008
05:25 AM

Dave

Rinat,

that's true, but this is meant for people accessing them from non-development machines. So somebody who needs a specific build doesn't have to have a development environment ready - for example, if a tester wants to reproduce a bug and determine in which version exactly was it introduced, they don't have to be able or know how to build them.

20 Sep 2008
03:06 AM

MIke

I have had a great experience with Team City...no xml and a snap to access artifacts.

23 Sep 2008
05:08 AM

Jeff Brown

For Gallio I just put CCNet up.

Initially I had it set so that the Force Build button was disabled, but that was too much of a pain. I figure the worst someone can do is to cause a bunch of redundant builds. Not much of a serious DOS worry because builds get queued anyways.

Then there's a virtual directory pointing at the distributables for download. This is just a raw directory listing so it's not really intended for end-users.

23 Sep 2008
10:43 AM

Rinat Abdullin

Dave,

I see your point. But in a project with lots of commits per day ("commit early") there will be too many binary versions saved on the server. What's the point?

I normally configure integration to copy binary to "Distrib/[Version]" only on Forced Build or if there is "#Distrib" switch in the commit message

25 Sep 2008
21:03 PM

Sebastian Jancke

Ayende,

I have been comparing a lot build / ci systems lately. CC.NET drove me crazy (ui sux, sorry) and it's hard to manage a lot of projects in a single instance (no administration in ui). Sadly, CC is so much better (on the ui), but that quality has not been ported (currently). TeamCity is really nice, but you have been talking about OSS, so read on ;-)

My suggesting would be to try Hudson. It's written in java as an extensible build and ci system. It currently supports nearly all scms one can imagine to really use, has integration for msbuild and nant, also other plugins for warnings-tracking support msbuild-output, the plugin for violations-tracking supports (among java-tools) also fxcop, stylecop and simian. You can have an nunit-report-transformation plugin out of the box. The whole project is currently really active and Sun has been putting one fulltime developer (the project initiator) on it. There are plenty of plugins for all kinds of things: building, reports, notification (mail, jabber, ...), integration for popular authentification and authorization systems (ads, ldap, ...).

The best: it has a "complete" remote api.

Developing new plugins is fairly easy (or modifing existing ones).

Usually, I'm not demanding good ui configuration, but we have to deal with lot of projects in multiple instances. Hudson has an amazing fast, good-looking ui, that gives you a lot of help and guidance, so using and configuring it is a really easy task.

-Sebastian

Comment preview

Comments have been closed on this topic.

Markdown turns plain text formatting into fancy HTML formatting.

Phrase Emphasis

*italic*   **bold**
_italic_   __bold__

Links

Inline:

An [example](http://url.com/ "Title")

Reference-style labels (titles are optional):

An [example][id]. Then, anywhere
else in the doc, define the link:
  [id]: http://example.com/  "Title"

Images

Inline (titles are optional):

![alt text](/path/img.jpg "Title")

Reference-style:

![alt text][id]
[id]: /url/to/img.jpg "Title"

Headers

Setext-style:

Header 1
========
Header 2
--------

atx-style (closing #'s are optional):

# Header 1 #
## Header 2 ##
###### Header 6

Lists

Ordered, without paragraphs:

1.  Foo
2.  Bar

Unordered, with paragraphs:

*   A list item.
    With multiple paragraphs.
*   Bar

You can nest them:

*   Abacus
    * answer
*   Bubbles
    1.  bunk
    2.  bupkis
        * BELITTLER
    3. burper
*   Cunning

Blockquotes

> Email-style angle brackets
> are used for blockquotes.
> > And, they can be nested.
> #### Headers in blockquotes
> 
> * You can quote a list.
> * Etc.

Horizontal Rules

Three or more dashes or asterisks:

---
* * *
- - - -

Manual Line Breaks

End a line with two or more spaces:

Roses are red,   
Violets are blue.

Fenced Code Blocks

Code blocks delimited by 3 or more backticks or tildas:

```
This is a preformatted
code block
```

Header IDs

Set the id of headings with {#<id>} at end of heading line:

## My Heading {#myheading}

Tables

Fruit    |Color
---------|----------
Apples   |Red
Pears	 |Green
Bananas  |Yellow

Definition Lists

Term 1
: Definition 1
Term 2
: Definition 2

Footnotes

Body text with a footnote [^1]
[^1]: Footnote text here

Abbreviations

MDD <- will have title
*[MDD]: MarkdownDeep

Oren Eini

Oren Eini

CEO of RavenDB