precommit-hooks | ||
.gitignore | ||
aur.list | ||
installscript | ||
LICENSE | ||
maat | ||
maat.service | ||
maat.timer | ||
MaatIcon.png | ||
Makefile | ||
PKGBUILD | ||
README.md |
Continuous integration and continuous delivery (CI/CD) are integral to current DevOps mentality -- a step further is GitOps, wherein developers only need to interact with Git and their artifacts are magically available downstream. AniNIX/Maat is intended to provide this for AniNIX and ArchLinux AUR packages.
Etymology
Maat is named for the Egyptian goddess of truth and order -- Maat was deeply tied into the idea of honorable contribution to community and the flow of the Nile, from which came the lifeblood of Egypt. Truth is reflected in the Maat service's use of testing and GPG signing prior to delivering packages, and the communal aspect is that Maat is how we deliver AniNIX and AUR packages for the world to use.
Relevant Files and Software
Maat runs as a systemd.timer nightly, invoking our build script. Ad hoc builds can be requested from admins. Output gets published on the landing page from our build pipeline -- there you can download packages, view build logs, see testing status, etc.
Our CI/CD pipeline attempts to pull directly from Git sources, either from the AniNIX or the curated AUR, build those packages, and make the available to systems downstream. The /usr/local/etc/Maat/aur.list
file allows the admin to control which AUR packages are pulled and built -- output files from builds can help identify issues like missing public GPG keys or dependency issues.
Maat also consumes a GPG key. The admin will need to set up this key and publish it. You will need to add our GPG key to use the AniNIX's CI/CD.
Available Clients
As Maat is a pipeline for ArchLinux systems, the primary client is Pacman. You can see how to subscribe your host to Maat in this configuration snippet.
Equivalents or Competition
General equivalents are Jenkins or GitLab CI/CD Runners. We chose to write our own because these are resource-intensive and often insecure. AniNIX/Maat enacts exactly the steps as detailed by Arch and only offers a noninteractive dashboard -- users are only able to see the artifacts and all changes must be done in upstream.