Continuous Integration Sandbox in its own VM
If we want to automize tests for forge.typo3.org, we need to put them into a sandbox so they can't do any harm on our servers. We should use a dedicated virtual machine for that purpose which has just what it needs to run the tests. The test results (including code sniffer results etc.) should be rendered into XML files which can be fetched by a forge.typo3.org cron-job.
The fetched XML files are then rendered on forge.typo3.org - they must not be rendered on the VM because then we can't be sure they don't contain XSS attacks.
The task is to create a concept for how to run the tests on a VM and how to secure that sandbox. Implementation of that is a dedicated task which we need to settle when the concept is ready.
#1 Updated by Sebastian Kurfuerst over 11 years ago
This looks pretty much like what we want:
I'll update as soon as I know more.