Build Server setup

[ericsomdahl]

I have removed the bug report template as this is not a bug. I have started the process of setting up a build environment for the ethereum classic project. Jetbrains has given the Ethereum Classic Github organization an Unlimited license for their TeamCity CI/CD server.

Thus far

1. the TeamCity server has been installed in AWS
2. Linux build agent has been installed and is running in AWS
3. Windows 2012 R2 build agent has been installed and is running in AWS
4. OSX build agent has been installed and is running
5. the OSX agent will be co-located shortly and will be offline during shipping
6. ETC github org (and projects underneath) is set up with Bintray as a CDN for artifacts generated by our build jobs

Specific Geth items done:

1. Build jobs for Linux and OSX are polling the develop branch and successfully building

Incomplete items specific to geth:

1. Build job for Windows is polling develop branch but the build is failing. Due to an environmental issue on the build node that remains to be troubleshot.
2. ARM Build agent needs to be built. Probably a co-located RPi 3
3. Teamcity needs additional configuration so that build artifacts from the develop branch jobs will be uploaded to Bintray
4. A TeamCity job needs/could to be created that builds release artifacts from tags? (See below re: signing)

Signing Release Artifacts

We need to decided on a strategy for signing release artifacts. We have several choices

1. Bintray is capable of signing uploaded artifacts using their own private key
2. we sign artifacts prior to upload, as part of the build job
3. we can generate a keypair which is encrypted and stored by Bintray. When we upload to Bintray we also provide a passphrase, which is used by Bintray to decrypt the key and sign the artifact. See (this link)
4. We don't automate release upload at all -- when releases are created/signed they can be uploaded to Bintray by the person that did the build, using the Bintray web interface

Having the TeamCity build server sign the releases is a non-starter in my opinion, for obvious security reasons. The first and third options involve private keys not fully under the control of trusted parties. The most secure option is the last one.

The Team City server can be reached at build.ethereumclassic.org. The (mostly empty) Bintray repo can be found here.

[ericsomdahl]

as a post-script: what are your thoughts regarding an actual ARM build agent compared to cross-compilation? My (naive) take on it is that a natively-compiled binary will always be better-optimized than one that is cross-compiled. Is that benefit (assuming it exists) substantial enough to merit an ARM build agent?

post post-script: should the ARM build targets be ARMv7 or ARMv8?

[ericsomdahl]

as I noted in the comparable issue for Mist, #18: I take no offense if you have other CI/CD plans. If you have made other arrangements and do not wish to use TeamCity please close this issue.

[ericsomdahl]

done 😄