Are there any free or open source build systems to which you can volunteer your own computer as a build agent? I haven't encountered any but I like the idea of it.
Goal
Set up a continuous integration (or at least nightly) build system for a particular open source project that needs to be independently built on all supported platforms: Windows, MacOS X, and Linux.
Requirements
- Allows arbitrary users to volunteer their computer as a new build agent to the build system.
- Supports Windows, MacOS X, and Linux systems as build agents (if the build definition appropriately supports it).
- Allows me to transfer the resulting build output (e.g. typically binary executables or libraries) back to a central location.
- Build system can either verify that the volunteered agent is capable of running the build definition or else can automatically install the necessary tools to make it so.
- Can monitor GitHub (or an arbitrary URL) for new commits (changes) to kick off a build push to available build agents.
- If no build agents of a necessary type are available, the build remains queued until it can be processed (though, is perhaps removed from the queue after a few days).
I know that I could achieve most of this by setting up a few Amazon EC2 instances using Amazon Web Services Free Tier but:
- It is only free for 12 months
- It does not offer MacOS X instances
Where I got the idea
- jQuery's TestSwarm: TestSwarm is a distributed CI setup for executing JavaScript tests in multiple browsers. The browsers available are provided by users volunteering their browsers to "join the swarm" (essentially being captured/connected to the Swarm and capable of receiving directives to execute given test suites on demand.
- Distributed computing projects like Stanford's Folding@Home software and Berkeley's BOINC infrastructure program.
- Microsoft's Team Foundation Server (TFS) Team Build: Although I generally despise TFS, its Team Build system does essentially what I'm desiring by allowing you to specify pools of build agents (server) that are capable of running a given build definition. The big difference between Team Build and what I'm seeking is that Team Build [presumably] only uses trusted, controlled servers as its build agents (versus randomly provided crowd-sourced servers).
Known issue: Security!
While I wish the process of volunteering your own computer as a build server was as easy as volunteering your browser to TestSwarm, there are obviously a huge set of security implications when allowing access to your actual filesystem and command processing engines:
- The client computers (build agents) will want to ensure that the build system is not trying to execute anything malicious on their generously volunteered computer.
- The build system will want to ensure that the "untrusted" client computers (build agents) aren't producing malicious build outputs (e.g. using a hacked version of GCC to produce malware/virus-ridden binaries). This is a huge issue and can likely only be overcome by having the build system install its own software (a la Folding@Home) that wraps the entire build process up such that the build agent doesn't have any external input to the build (e.g. doesn't rely on additional tools that the user had to install, such as compilers). Otherwise, the build system would have to at least request that two different build agents built the same binaries so that the output could be compared and verified.
Jenkins can do it with slaves. See this document. You can group slaves by giving them (multiple) labels and "attach" builds to labels. Jenkins slave agents can run under users with limited permissions. An agent can be started and terminated by slave owner - thus they can be sure that there are no security issues.
One potential issue is that a slave can be brought down during a build.