Add CI #35
Add CI #35
Conversation
jkmassel
force-pushed
the
add/ci
branch
5 times, most recently
from
906e285 to
a6776f2
Compare
.buildkite/pipeline.yml
Outdated
| plugins: &common_plugins | ||
| - automattic/a8c-ci-toolkit#2.17.0 | ||
| # Common environment values to use with the `env` key. | ||
| env: &common_env |
There was a problem hiding this comment.
Since this is a multi-platform project and the IMAGE_ID is Swift specific value, it might be worth being more specific with the name.
There was a problem hiding this comment.
Unfortunately we can't customize the environment variable name – rather than do too much weirdness, I've just pulled down the image ID into the step that needs it for now (see ebe78fc)
There was a problem hiding this comment.
I thought the common_env bit was a given name which then gets referred to in the rest of the yml. Could you clarify why we can't customize the name? Do we have tooling that expects it?
There was a problem hiding this comment.
Ohh, yeah that part could be renamed for sure.
If we need to re-introduce it, it could be mac_env or something
| # Common environment values to use with the `env` key. | ||
| env: &common_env | ||
| IMAGE_ID: xcode-15.2 | ||
|
|
There was a problem hiding this comment.
It might be worth adding the default agent here for accessibility.
| @@ -0,0 +1,38 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Since this is used in Docker compose, it probably doesn't belong to the .buildkite directory.
There was a problem hiding this comment.
That's a pattern taken from elsewhere – scripts and CI-related stuff can go in here.
I'm fine to leave it a bit awkward until/unless we make a scripts directory or something, but I figure for just this it might not make sense to clutter up the root directory?
I assume we'll have more of these before long!
There was a problem hiding this comment.
I like the idea of using scripts directory for this kind of stuff. This repo will likely have several scripts that'll be used outside of the CI, so I don't think we need to wait to have more scripts for this.
Even with a single script, I encountered this same issue before and ended up adding a scripts directory in WCAndroid. (which probably is not necessary anymore with the Releases v2 🤔 )
| --skip-email | ||
|
|
||
| ## Ensure URLs work as expected | ||
| wp rewrite structure '/%year%/%monthnum%/%postname%/' |
There was a problem hiding this comment.
I am just curious about this one. Does this have any risk of our setup being different from other sites - making the tests less useful?
There was a problem hiding this comment.
This is the closest thing to a "default" that the ecosystem has IMHO.
Fortunately, it's easy to change later without breaking anything else
| swiftlint_container := ghcr.io/realm/swiftlint:0.53.0 | ||
|
|
||
| docker_opts_shared := --rm -v "$(PWD)":$(docker_container_repo_dir) -w $(docker_container_repo_dir) | ||
| rust_docker_run := docker run -v $(PWD):/$(docker_container_repo_dir) -w $(docker_container_repo_dir) -it -e CARGO_HOME=/app/.cargo $(rust_docker_container) |
There was a problem hiding this comment.
I am curious about the location choice for the CARGO_HOME.
I got very confused about this when I was reviewing the change about it in .gitignore, because there shouldn't be a .cargo folder in the project in a regular Rust project setup.
Do we need the CARGO_HOME in Docker to be in the /app directory? If not, wouldn't it be easier to not put it there and then we won't have to ignore it in other places?
There was a problem hiding this comment.
There's a pragmatism vs correctness question here 😅
By default, the Cargo cache isn't persisted between runs so a ton of time is wasted re-fetching the dependency information every time you do anything. There are two ways to cache it and fix this:
- Mount an external cache into the container – maybe sharing the same one that the host uses. You can have weirdness with that on Linux if you're not careful about file permissions – Docker can create a directory that the host can't modify later. Also, from a security/safety perspective I like to avoid Docker mounting anything outside the project directory.
- Mount the project directory, and have everything in the Docker container work relative to that – this is why there's a
.cargodirectory in a seemingly odd place. By putting it there, it's persisted between Docker invocations but there's no possibility of it messing up the developer's workstation because it's an isolated cache.
We could rename it to .cache or even put it under target – doesn't really matter where it goes, but it's much faster to run code under Docker if we cache the results this way.
There was a problem hiding this comment.
Thank you for the explanation. Now that I understand why we are doing this, I think the main issue is that it's called .cargo because it's the default name and can get mixed up with the actual CARGO_HOME the host uses. If we rename it to something like .docker_cargo_home, then there are no issues. With a specific name, it's also fairly easy to figure out how it's used by searching the name in the repo. What do you think?
P.S: I actually spent some time researching the .cargo directory while reviewing the PR. It took me embarrassingly long to realize that it could be something we are generating. 😞
| test_credentials | ||
| /logs | ||
|
|
||
| # CI Cache |
There was a problem hiding this comment.
I left a comment about CARGO_HOME in Makefile, but if we do decide to keep the .cargo folder in the project, I think we should mention that this is about Docker and not CI since we can and probably will run Docker commands from local environment as well.
| volumes: | ||
| - ./.buildkite/setup-test-site.sh:/setup-test-site.sh:ro | ||
| - ./.wordpress/wp-config.php:/var/www/html/wp-config.php:ro | ||
| - ./test_credentials:/tmp/test_credentials |
There was a problem hiding this comment.
If I am understanding the setup correctly, it feels a bit backwards to me.
In test-server, we remove the file, re-create it, then we deploy it to Docker which will get it populated in .buildkite/setup-test-site.sh.
I think any test credential that's created and used by Docker should stay in Docker and not get exposed or altered by the local environment. Similarly, any local test credential shouldn't be altered when a Docker command is run.
With the Docker setup, we probably don't need a local test credential, so we could maybe just keep everything in Docker and that's good enough?
There was a problem hiding this comment.
I'd agree with you if I could find a reasonable way to use a specific string as an Application-Specific Password. Unfortunately, wp-cli doesn't seem to offer this – it'll make you a token, but then you have to get it out of the container somehow, and this was the most straightforward way I could see to do that 🤷
In test-server, we remove the file, re-create it
That's a file ownership thing – I took a shortcut to make it so that the file would be present on-disk without thewpclicontainer being able to write the entire filesystem (which results in conflicts, because it needs its own WordPress installation that's not the same version we're trying to specify)
With the Docker setup, we probably don't need a local test credential
I'm thinking that if you want to run this locally you'd use this approach too – make test-server then run your e2e test suite. The test suite can just pick up the test_credentials file and use its authentication details to run the tests?
There was a problem hiding this comment.
Aaah, we do need to take it out of the container, because we need to use it while running our tests. I kind of blanked on that, sorry.
I think we can probably change the name a bit to maybe hint at how this is handled by docker. Something like generated_test_credentials or even docker_generated_test_credentials?
| WORDPRESS_DB_PASSWORD: wordpress | ||
| WORDPRESS_DB_NAME: wordpress | ||
| WORDPRESS_CONFIG_EXTRA: | | ||
| # Allow application passwords to be used without HTTPS |
There was a problem hiding this comment.
Just out of curiosity, is that because we'd have certificate issues?
There was a problem hiding this comment.
For security, if a WordPress site isn't using HTTPS application passwords are disabled entirely, so this configuration item says "it's okay, this is a local installation" which gives us more debug info on errors and re-enables application passwords – seems like a nice win all around
There was a problem hiding this comment.
For some reason I thought even the local installation would use a debug certificate and use HTTPS rather than using HTTP. Thank you for clarifying.
"it's okay, this is a local installation" which gives us more debug info on errors
I think this is enough to mark this as local. My question was more about the comment about HTTPS.
| docker-compose logs wordpress > logs/wordpress.log | ||
| docker-compose logs mysql > logs/mysql.log | ||
|
|
||
| buildkite-agent artifact upload "logs/*.log" |
There was a problem hiding this comment.
Looks like this hook was executed twice on VM and host. It also runs on some steps that don't use docker. That results in duplicated empty artifacts:
There was a problem hiding this comment.
Addressed in cba14ff, thanks!!
|
There's other stuff we'll want to address, but I'm merging this for now to get it out of the way and allow for more focused adjustments as needed |
3 participants
Adds some initial CI tooling for Rust + Swift – I'm not sure Kotlin makes sense until we start down the path of building a platform-independent implementation?
This also includes boilerplate for Docker-based WordPress test sites (currently using the WP Theme Unit Test content, but we can add more if needed), but right now they're not doing anything useful.