Fiddle is broken in to two pieces, each run as containers on kubernetes.
A number of fiddlers are run on kubernetes and await code sent by fiddle. After a single run the container is deleted and kubernetes will schedule a replacement pod.
+-------------------+
| | +--------------------+
| | | |
| Fiddle +------------------->+ Fiddler |
| | | |
| | +--------------------+
+-------------------+
.
.
.
+--------------------+
| |
| Fiddler |
| |
+--------------------+
The URL structure of fiddle is:
/c/cbb8dee39e9f1576cd97c2d504db8eee - Direct link to a fiddle.
Links to individual resources:
/i/cbb8dee39e9f1576cd97c2d504db8eee_raster.png /i/cbb8dee39e9f1576cd97c2d504db8eee_gpu.png /i/cbb8dee39e9f1576cd97c2d504db8eee.pdf /i/cbb8dee39e9f1576cd97c2d504db8eee.skp
Links to individual resources for a given commit:
/ai/<runid>/cbb8dee39e9f1576cd97c2d504db8eee_raster.png /ai/<runid>/cbb8dee39e9f1576cd97c2d504db8eee_gpu.png /ai/<runid>/cbb8dee39e9f1576cd97c2d504db8eee.pdf /ai/<runid>/cbb8dee39e9f1576cd97c2d504db8eee.skp
Where runid is the hash timestamp and git hash of a particular version of Skia.
To create a new fiddle, POST JSON to /_/run of the form:
{
"code":"void draw(SkCanvas...",
"width":256,
"height":256,
"source":0,
}
Embedding fiddles in iframes is done by:
/iframe/cbb8dee39e9f1576cd97c2d504db8eee
Which should really just be a version of index.html that strips out much of the surrounding elements.
Fiddles are stored in Google Storage under gs://skia-fiddle/, which is different from fiddle 1.0 where they were stored in MySql. For each fiddle we store the user's code at:
gs://skia-fiddle/fiddle/<fiddlehash>/draw.cpp
The image width, height, and source (as a 64bit int) values are stored as metadata on the draw.cpp file.
Note that the fiddlehash must match the hash generated by fiddle 1.0, so that hash is actually the hash of the user's code with line numbers added, along with the width and height added in a comment. We also store the rendered images:
gs://skia-fiddle/fiddle/<fiddlehash>/cpu.png gs://skia-fiddle/fiddle/<fiddlehash>/gpu.png gs://skia-fiddle/fiddle/<fiddlehash>/skp.skp gs://skia-fiddle/fiddle/<fiddlehash>/pdf.pdf
Named fiddles are actually just like soft links from a name to the fiddleHash of a fiddle. The named fiddles are stored in:
gs://skia-fiddle/named/<fiddle name>
Where the name of the fiddle is the filename, and the contents of the file is the fiddleHash. The id of the person that created the named shortcut is attached as metadata to the file.
Source images are packaged into each container.
We're putting a C++ compiler on the web, and promising to run the results of user submitted code, so security is a large concern. Security is handled in a layered approach, using a combination of limits, AppArmor, and network profiles.
limits
AppArmor
Network
Capabilities
User
Lifetime
RBAC
A backup of all the named fiddles from gs://skia-fiddle/named to gs://skia-fiddle-backup takes placed on a daily basis. See:
https://console.cloud.google.com/storage/transfer?project=google.com:skia-buildbots