Monorepo for building and publishing multiple Docker containers as microservices within a single repository.

• Table of Contents
  • What is Orion?
  • How does it operate?
  • Build Instructions and Development
    • Usage
    • Testing

Orion is a build environment for containerized services we run in our Fuzzing infrastructure (eg. libFuzzer).

For spawning a cluster of Docker containers at EC2 or other cloud providers, see the parent project Laniakea.

CI and CD are performed autonomously with Taskcluster and the Orion Decision service. A build process gets initiated only if a file of a particular service has been modified, or if a parent image is modified. Each image is either tagged with the latest revision or latest before being published to the Docker registry and as Taskcluster artifacts. For more information about each service take a look in the corresponding README.md of each service or check out the Wiki pages for FAQs and a Docker cheat sheet.

You can build, test and push locally, which is great for testing locally. The commands below are general, and each service may have more specific instructions defined in the README.md of the service.

TAG=dev
docker build -t mozillasecurity/service:$TAG ../.. -f Dockerfile

... or to test the latest build:

TAG=latest

Running the fuzzer locally:

eval $(TASKCLUSTER_ROOT_URL=https://community-tc.services.mozilla.com taskcluster signin)
LOGS="logs-$(date +%Y%m%d%H%M%S)"
mkdir -p "$LOGS"
docker run --rm -e TASKCLUSTER_ROOT_URL -e TASKCLUSTER_CLIENT_ID -e TASKCLUSTER_ACCESS_TOKEN -it -v "$(pwd)/$LOGS":/logs mozillasecurity/service:$TAG 2>&1 | tee "$LOGS/live.log"

... add any environment variables required by the fuzzer using -e VAR=value. Some fuzzer images alter kernel sysctls and will require docker run --privileged.

Before a build task is initiated in Taskcluster, each shell script and Dockerfile undergo a linting and testing process which may or may not abort each succeeding task. To ensure your Dockerfile passes, you are encouraged to install the pre-commit hook (pre-commit install) prior to commit, and to run any tests defined in the service folder before pushing your commit.