Commit 7e0c2c8e authored by Zen Fu

Merge branch 'add-containerized-weblate-doc'

parents 49c079f7 2dc380e7
......@@ -499,6 +499,7 @@ See also
========
- [[specification|contribute/design/translation_platform/specification]]
- [[containerized setup|contribute/design/translation_platform/containerized_setup]]
- [[documentation for translators|contribute/how/translate/with_translation_platform]]
- blueprint for future work: [[!tails_blueprint translation_platform]]
[[!meta title="Containerized setup of Weblate in Tails' Translation Platform"]]
Verification of the integrity of the source code of Weblate and its
dependencies was a concern since the beginning of this project, as compromise
of that piece would mean compromise of the Tails documentation/website. That
concern initially led to the decision of not relying on Pypi as a source of
packages, which made upgrade and maintenance of the installation more
difficult, as we then needed a new/separate way of resolving dependencies and
fetching source code.
With time it became clear that the speed of Weblate releases was much faster
than Tails' sysadmins capacity of upgrading and maintaining the platform
up-to-date. This led to the decision of redesigning the platform to use a
containerized Weblate application as provided by upstream.
Our [current Puppet code for the translation
platform](https://gitlab.tails.boum.org/tails/puppet-tails/-/tree/master/manifests/weblate)
is a result of that process and, when applied, will setup Weblate from a
container using [Podman](https://podman.io/) and configure the environment
around it to provide the other parts of the Translation Platform.
Trusted sources
===============
By using Weblate's upstream container, we are effectively trusting all parties
involved in building and distributing that container to provide the source code
as intended by the developers of Weblate and each of its dependencies.
What follows is a list of actors involved in the build and distribution chain
of the Weblate container and may need to be revisited when/if upstream changes
its process:
* The [Debian container image](https://hub.docker.com/_/debian) is used as a
[base for the Weblate container
image](https://github.com/WeblateOrg/docker/blob/ec67a204e8e22a233d47f5177ea37cb8159568bf/Dockerfile#L1).
* Some Python dependencies are installed from
[Debian](https://github.com/WeblateOrg/docker/blob/ec67a204e8e22a233d47f5177ea37cb8159568bf/Dockerfile#L64)
(build dependencies, mainly, but also pycairo and maybe others).
* Pip and Wheel are installed from
[Pypi](https://github.com/WeblateOrg/docker/blob/ec67a204e8e22a233d47f5177ea37cb8159568bf/Dockerfile#L110).
* Weblate and its requirements are all downloaded from
[Pypi](https://github.com/WeblateOrg/docker/blob/ec67a204e8e22a233d47f5177ea37cb8159568bf/Dockerfile#L122).
* Builds are automated in
[GitHub](https://github.com/WeblateOrg/docker/runs/2938139897?check_suite_focus=true#step:6:55).
* Uploads to docker.io (Docker Hub) are also automated in
[GitHub](https://github.com/WeblateOrg/docker/runs/2938978602?check_suite_focus=true#step:9:848).
* The container image is distributed through [Docker
Hub](https://hub.docker.com/r/weblate/weblate).
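Review bot: The "Trusted sources" list at the end of the new page names everyone trusted in upstream's build and distribution chain, but the page never says what is pinned or checked on our side when the image is pulled; the only statement is that the Puppet code "will setup Weblate from a container using Podman". Since the opening paragraph gives integrity of the Weblate source as the reason PyPI was originally avoided, suggest adding a sentence on whether the image is referenced by tag or by digest and who reviews a change of that reference, so the residual trust placed in GitHub and Docker Hub is stated rather than implied. The Dockerfile links are pinned to a commit, which is good; it would help to also name the image version that commit corresponds to, so a reader knows which upstream process the list was checked against when it "may need to be revisited". Minor: "will setup" should read "will set up", and "Pypi" is spelled "PyPI".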