|
| 1 | ++++ |
| 2 | +path = "inside-rust/9999/12/31/infrastructure-team-q3-recap-and-q4-plan" |
| 3 | +title = "Infrastructure Team 2025 Q3 Recap and Q4 Plan" |
| 4 | +authors = ["Marco Ieni"] |
| 5 | + |
| 6 | +[extra] |
| 7 | +team = "The Rust Infrastructure Team" |
| 8 | +team_url = "https://www.rust-lang.org/governance/teams/infra#team-infra" |
| 9 | ++++ |
| 10 | + |
| 11 | +As we wrap up the third quarter of 2025, the Infrastructure Team is excited to share what we've accomplished and what's coming next. |
| 12 | + |
| 13 | +## Q3 2025 Accomplishments |
| 14 | + |
| 15 | +### crates-io-auth-action |
| 16 | + |
| 17 | +We created the [`crates-io-auth-action`](https://github.com/rust-lang/crates-io-auth-action), which can be used to obtain publish tokens for `crates.io` |
| 18 | +using [trusted publishing](https://crates.io/docs/trusted-publishing). |
| 19 | + |
| 20 | +### Critical data asset backup |
| 21 | + |
| 22 | +One of our most important security improvements this quarter was establishing an out-of-band backup system for Rust's critical data assets. |
| 23 | +Previously, all of Rust's releases and crates were stored exclusively on AWS. |
| 24 | +We've now created a backup in Google Cloud Platform that includes all Rust |
| 25 | +releases and crates, with daily incremental updates. |
| 26 | + |
| 27 | +The GCP account is owned by two Rust Foundation staff members who are not AWS administrators |
| 28 | +(i.e. they aren't admins of the Infrastructure team). |
| 29 | +This makes it significantly more difficult for an attacker to compromise or delete both the primary and backup data, as they would need to breach at least two separate accounts. |
| 30 | + |
| 31 | +Learn more about this initiative in our |
| 32 | +[docs](https://github.com/rust-lang/infra-team/blob/3292c4614889ac7427dc4729bd0ad3ee97ab5be7/service-catalog/rust-assets-backup/README.md). |
| 33 | + |
| 34 | +### CDNs alerts |
| 35 | + |
| 36 | +The CDNs for Rust releases and crates are critically important for users of Rust. If either suffers a service disruption, it has a direct impact on the ability of users to install Rust and build their projects. |
| 37 | + |
| 38 | +In the past, we had set up integrations for AWS CloudFront and Fastly, our Content Delivery Networks, with Datadog, our monitoring platform. While we had metrics coming into Datadog in real-time, we had not set up alerts on top of them. |
| 39 | + |
| 40 | +In Q3, we created multiple alerts that monitor our CDNs and report when traffic falls below pre-defined thresholds. These alerts ping the engineering team at the Rust Foundation, which has a runbook for incidents that includes notifying the community. |
| 41 | + |
| 42 | +GitHub issue: [rust-lang/infra-team#179](https://github.com/rust-lang/infra-team/issues/179). |
| 43 | + |
| 44 | +### `rust-lang.org` is now a static website |
| 45 | + |
| 46 | +We converted [`rust-lang.org`](http://rust-lang.org) from a Rust webserver deployed on Heroku to a static website hosted on GitHub Pages. |
| 47 | +This change eliminates several security and operational concerns: |
| 48 | + |
| 49 | +- **Enhanced security**: Static sites are inherently more secure and less vulnerable to DDoS attacks. |
| 50 | +- **Simplified infrastructure**: Removes the complexity of managing a web server, which is unnecessary |
| 51 | + to serve static content. |
| 52 | +- **Cost reduction**: GitHub Pages hosting is free, while the Foundation was paying for the previous |
| 53 | + Heroku deployment. |
| 54 | +- **Improved robustness**: Static hosting is generally more reliable and performant. |
| 55 | + |
| 56 | +Thanks to [Manishearth](https://github.com/Manishearth) and [senekor](https://github.com/senekor) from the website team for their reviews and support. |
| 57 | + |
| 58 | +GitHub PR: [rust-lang/www.rust-lang.org#2174](https://github.com/rust-lang/www.rust-lang.org/issues/2174). |
| 59 | + |
| 60 | +### GitHub organization members cleanup |
| 61 | + |
| 62 | +The Infra Team created an automation to clean up all GitHub organizations managed by the Rust Project by removing members who are not part of any team within those organizations. |
| 63 | +You can learn more in the Inside Rust Blog [post](https://blog.rust-lang.org/inside-rust/2025/08/26/removing-inactive-members-from-github-organizations/). |
| 64 | + |
| 65 | +Thanks to [me-diru](https://github.com/me-diru) for starting the implementation work. |
| 66 | + |
| 67 | +### The new Bors runs Rust CI try builds |
| 68 | + |
| 69 | +The infra and [bors](https://rust-lang.org/governance/teams/infra/#team-infra-bors) |
| 70 | +teams continued working on migrating the Rust CI from the legacy bors ([homu](https://github.com/rust-lang/homu)) |
| 71 | +to the new [bors](https://github.com/rust-lang/bors), written in Rust. |
| 72 | + |
| 73 | +Starting from July, all try builds (`@bors try`) run exclusively through the new bors. |
| 74 | +This is a significant step forward in improving the reliability of our continuous integration infrastructure. |
| 75 | + |
| 76 | +GitHub PR: [rust-lang/bors#352](https://github.com/rust-lang/bors/pull/352) |
| 77 | + |
| 78 | +### Support optional CI jobs |
| 79 | + |
| 80 | +So far, CI only had jobs that ran on PRs or when a merge to the default branch was attempted (i.e. the auto build). |
| 81 | +We added the ability to add CI jobs that only run on-demand, so that contributors can run these tests on PRs whenever they are worried that they might break certain parts of the codebase. This is useful to test tier 2 and tier 3 targets in CI, whose tests don’t always run on CI by default. |
| 82 | + |
| 83 | +This feature was requested in [\#t-infra \> Testing for T2/T3 targets](https://rust-lang.zulipchat.com/#narrow/channel/242791-t-infra/topic/Testing.20for.20T2.2FT3.20targets/with/526715751) and documented in [rust-lang/rust#143283](https://github.com/rust-lang/rust/pull/143283). |
| 84 | + |
| 85 | +### Repositories default branch rename |
| 86 | + |
| 87 | +We're updating our repositories to use more inclusive naming conventions. This quarter, we renamed the default branches from `master` to `main` in the [`rustc-dev-guide`](https://github.com/rust-lang/rustc-dev-guide) ([PR](https://github.com/rust-lang/rustc-dev-guide/pull/2570)), [`www.rust-lang.org`](https://github.com/rust-lang/www.rust-lang.org) ([PR](https://github.com/rust-lang/www.rust-lang.org/pull/2205)) and [`blog.rust-lang.org`](https://github.com/rust-lang/blog.rust-lang.org) ([PR](https://github.com/rust-lang/blog.rust-lang.org/pull/1689/)) repositories. |
| 88 | + |
| 89 | +Thanks to [senekor](https://github.com/senekor), [tshepang](https://github.com/tshepang), [carols10cents](https://github.com/carols10cents) and all the other people involved. |
| 90 | + |
| 91 | +### Talks and interviews |
| 92 | + |
| 93 | +At RustConf 2025: |
| 94 | + |
| 95 | +- [JD](https://github.com/jdno) was interviewed about the Rust Infrastructure team. You can find the video [here](https://www.youtube.com/watch?v=r7i-2wHtNjw). |
| 96 | +- [Marco](https://github.com/marcoieni) presented the talk *"How We Made the Rust CI 75% Cheaper"*. The video will be published soon in the [Rust Foundation YouTube channel](https://www.youtube.com/@rustfoundation). |
| 97 | + |
| 98 | +## Q4 2025 Plans |
| 99 | + |
| 100 | +Looking ahead to the fourth quarter of Q4, we planned the following initiatives: |
| 101 | + |
| 102 | +### Hire a new Rust Foundation infrastructure engineer |
| 103 | + |
| 104 | +[JD](https://github.com/jdno), one of the two Infrastructure Engineers employed full time at the Rust Foundation resigned to start his own company. |
| 105 | +JD is staying in the team as a volunteer, but the amount of time he can dedicate to the team will be lower than before. |
| 106 | +This quarter, we want to hire a new Infrastructure Engineer to restore the previous capacity of the team. |
| 107 | +Follow the Foundation's social media and [careers page](https://rustfoundation.org/careers/) if you want to know when the position is posted. |
| 108 | + |
| 109 | +We would like to take this opportunity to thank JD for his 3 years of |
| 110 | +invaluable contributions and support to the Rust Infrastructure team and the Rust community. |
| 111 | +To learn more about his transition, you can read his [blog post](https://www.jdno.dev/leaving-the-rust-foundation/). |
| 112 | + |
| 113 | +### docs.rs infrastructure modernization |
| 114 | + |
| 115 | +[docs.rs](https://docs.rs) is still deployed to a single, manually provisioned and managed EC2 instance. |
| 116 | +We want to collaborate with the [docs.rs](http://docs.rs) team to understand what kind of infrastructure would fit [docs.rs](http://docs.rs) better and provision it, to make [docs.rs](http://docs.rs) more robust and scalable. |
| 117 | + |
| 118 | +### External hardware CI policy |
| 119 | + |
| 120 | +Today, we run CI only on AWS and GitHub-hosted runners, which are operated by us. |
| 121 | +Unfortunately, these cloud providers don't support all Rust [targets](https://doc.rust-lang.org/rustc/platform-support.html), and emulation has limitations. |
| 122 | +To raise the tier of some of these targets, |
| 123 | +some organizations have offered to run the Rust CI on their own hardware. |
| 124 | + |
| 125 | +We want to write a policy to define the requirements that the external hardware and the entity operating it must satisfy. |
| 126 | +E.g. if the hardware has an uptime of 50%, we can't run CI jobs on it, because it would block the development of Rust. |
| 127 | + |
| 128 | +GitHub issue: [rust-lang/infra-team\#201](https://github.com/rust-lang/infra-team/issues/201) |
| 129 | + |
| 130 | +### GCP Dev Desktops |
| 131 | + |
| 132 | +Google donated the Rust Foundation some GCP credits for next year. |
| 133 | +We want to use part of the credits to spin up one or two dev desktops in GCP to give more VMs to contributors working on Rust. |
| 134 | + |
| 135 | +Note that these machines can be discontinued in the future based on funding. |
| 136 | + |
| 137 | +Learn more about Dev Desktops in the [Rust Forge](https://forge.rust-lang.org/infra/docs/dev-desktop.html). |
| 138 | + |
| 139 | +### Conferences |
| 140 | + |
| 141 | +Some members of the Infrastructure team will attend [EuroRust](https://www.eurorust.eu/) and [RustLab](https://rustlab.org/). |
| 142 | +Feel free to reach out to us if you want to meet in person! |
| 143 | + |
| 144 | +In particular, on November 4th, [Marco](https://github.com/marcoieni) is giving a talk at RustLab named *“1.5 years in the infra team: what we cooked and what’s next”*. |
| 145 | + |
| 146 | +## Join us! |
| 147 | + |
| 148 | +If you're interested in contributing to Rust's infrastructure, have a look at the |
| 149 | +[infra-team](https://github.com/rust-lang/infra-team) repository to learn more about us |
| 150 | +and reach out on [Zulip](https://rust-lang.zulipchat.com/#narrow/channel/242791-t-infra). |
| 151 | + |
| 152 | +We are always looking for new contributors! |
0 commit comments