Repository files navigation

Monorepo for building and publishing multiple Docker containers as microservices within a single repository.

• Table of Contents
  • What is Orion?
  • How does it operate?
  • Build Instructions and Development
    • Usage
    • Testing

Orion is a build environment for containerized services we run in our Fuzzing infrastructure (eg.libFuzzer).

For spawning a cluster of Docker containers at EC2 or other cloud providers, see the parent projectLaniakea.

CI and CD are performed autonomously with Taskcluster and theOrion Decision service. A build process gets initiated only if a file of a particular service has been modified, or if a parent image is modified. Each image is either tagged with the latestrevision orlatest before being published to theDocker registry and asTaskcluster artifacts. For more information about each service take a look in the corresponding README.md of each service or check out theWiki pages for FAQs and a Docker cheat sheet.

You can build, test and push locally, which is great for testing locally. The commands below are general,and each service may have more specific instructions defined in the README.md of the service.

TAG=devdocker build -t mozillasecurity/service:$TAG ../.. -f Dockerfile

... or to test the latest build:

TAG=latest

Running the fuzzer locally:

eval $(TASKCLUSTER_ROOT_URL=https://community-tc.services.mozilla.com taskcluster signin)LOGS="logs-$(date +%Y%m%d%H%M%S)"mkdir -p "$LOGS"docker run --rm -e TASKCLUSTER_ROOT_URL -e TASKCLUSTER_CLIENT_ID -e TASKCLUSTER_ACCESS_TOKEN -it -v "$(pwd)/$LOGS":/logs mozillasecurity/service:$TAG 2>&1 | tee "$LOGS/live.log"

... add any environment variables required by the fuzzer using-e VAR=value. Some fuzzer images alter kernel sysctls and will requiredocker run --privileged.

Before a build task is initiated in Taskcluster, each shell script and Dockerfile undergo a linting and testing process which may or may not abort each succeeding task. To ensure your Dockerfile passes, you are encouraged to install thepre-commit hook (pre-commit install) prior to commit, and to run any tests defined in the service folder before pushing your commit.