Decentralized devops

Hi,

I’ve been thing about a way to integrate devops into a radicle workflow and wanted to share my thoughts and see what other people are thinking, or may have already done.

The immediate use case under consideration are actions initiated by code commits. Such events are useful for running tests, building artifacts, and performing updates.

This line of thinking leads to 2 areas, change detection and action result reporting.

The first seems possible by following a user’s Device ID with some automated upstream client (or remote-follow-agent). This remote-follow-agent can monitor a project for changes and run tasks described in the project itself. With this subscription model, many actors can follow the same project for redundancy and there is no need for central coordination of who gets what events. You could imagine different remote-follow-agents performing different actions based on evaluation of what has changed with a project and their particular configuration. Maybe they ignore certain types of changes, act differently on others, etc.

The second is more complicated is a decentralized scenario where actors may be malicious. How do you verify the job was done correctly? How are results recorded and referenced?

These are just some ideas I’ve had, and have heard discussed and I am really curious if anyone else is thinking about them.

Thanks!
Ben

3 Likes

We’ve been thinking about this for some time. I think the approach you suggest is the right one: on push to the rad remote, either some remote node can pick up the change and run a job, or your local node can do so, and call a remote service to trigger a job.

In terms of trust, I think the simplest model is to define which service you trust (by public key) and have that service sign the job results. The client can then verify these results locally, and if the signature is valid, display the result to the user.

There are more expensive and decentralized variations of this, for eg. by dispatching the job to three workers and checking that they produce the same output, but in terms of bang for the buck, I think the approach above is more effective.

1 Like

I’ve got an idea how to practically do the trustless part for build verify game: outsource it to https://truebit.io/ which is a protocoll for challange/verify type games with a running wasm vm on ethereum mainnet. An assembly emulator, running linux, could be compiled to wasm which executes all build tasks and pushes results to ipfs.