CI backlog #51682
I'd like to copy all Docker images into our own organization - either in ECR or in the form of tarballs in an S3 bucket.

Also #43182

Avoid using the public Rust repository because it sometimes does not respond.
This type of discussion comes up from time to time. There are two different approaches, and I disagree that we must follow either of them blindly.
@Felixoid Various images like Hadoop, PHP, and Nginx are only needed for tests, and pinning them is safer and saner than allowing updates at unpredictable times from unreliable sources. Also, it's only a matter of time before Dockerhub is pwned - for example, you would not trust Sourceforge today. And trash images without version pinning are vulnerable to malicious takeover: say, tomorrow someone takes over Hadoop and uploads version 99.9 with malware.
We need to be sure we are on the same page. Right now I don't get what exactly you're advocating. Are we speaking about every image still, or just about the images for integration tests?
Testing the current state of the world and compatibility with modern versions is better than having stale tests for eight-year-old versions like Hadoop 2.7.0. What is this test actually about? When was it last touched?
This type of concern is usually addressed by something like Artifactory with snapshots. At my previous company, the in-house infrastructure for a similar problem was built by a team of ~15 over a few years. It wasn't their exclusive task, but once built, it required continuous polishing.
> Are we speaking about every image still, or just about the images for integration tests?

Every image. They should be pinned to specific versions, and bytewise identity has to be validated.

> Testing the current state of the world and compatibility with modern versions is better

Not better.

> This type of concern is usually addressed by something like Artifactory with snapshots.

No problem; if you don't like this - don't do it.
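To make the pinning point concrete, here is a minimal sketch of what "pinned to specific versions with bytewise identity validated" can mean in practice - this is not ClickHouse's actual CI code, and the image name and digest are placeholders. Pulling by digest makes the Docker daemon verify the content hash of every layer itself, so a hijacked tag (a malicious hadoop 99.9, say) cannot slip through:

```python
import subprocess

# Placeholder reference: a digest-pinned image. Unlike a mutable tag, the
# daemon re-hashes everything it downloads and fails on any mismatch.
PINNED_IMAGE = (
    "docker.io/library/nginx@sha256:"
    "0000000000000000000000000000000000000000000000000000000000000000"
)

def pull_pinned(image: str) -> None:
    # `docker pull <name>@sha256:<digest>` only succeeds if the registry
    # serves exactly the pinned bytes - the "bytewise identity" check.
    subprocess.run(["docker", "pull", image], check=True)

if __name__ == "__main__":
    pull_pinned(PINNED_IMAGE)
```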
@qoega proposed a great idea that should cover your concern regarding uncontrolled updates and my wish to have everything updated automatically in a daily manner. Here it is: now we have a nightly rebuild. It sounds ∞ times better than the current state, and I hope it looks good to you too.
This is good for me.

I've removed Coverity: #52775
From @alexey-milovidov

Here are my opinions regarding the action points from the previous comment:
> If a check has failed in the previous commits, run it and its dependencies first, and stop the runs if it has failed again.

I assume you mean workflows' jobs. If so, we have zero control over the queue; there's nothing we can do here while we use GH actions. And the tree is a static dict described in
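As a toy illustration of what such a static dependency dict might look like (the job names are invented, not the real CI configuration):

```python
# Invented job names. The point: dependencies are declared once, statically,
# so there is no hook to reorder the GH Actions queue at run time when a
# check failed on a previous commit.
CHECK_DEPENDENCIES: dict[str, list[str]] = {
    "style_check": [],
    "build_amd64": ["style_check"],
    "functional_tests": ["build_amd64"],
    "integration_tests": ["build_amd64"],
}
```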
Good point to get rid of GitHub Actions.

This is an example of why GitHub Actions is inefficient: #53697

I agree that they are terrible... but what exactly is the issue there?
This PR only modified a functional test - we can limit the number of tasks by applying this functional test only to the latest build from master.
We cannot skip the launch completely, that's right. But we can use the code to skip all the builds and all kinds of other tests; it will just be done at the init stage. It's described in the tasks already.
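A hedged sketch of that init-stage skip - this is not the code in tests/ci, and the path layout is an assumption: if every file changed by the PR is a functional test, all builds and other checks can be skipped up front.

```python
from pathlib import Path

def can_skip_builds(changed_files: list[str]) -> bool:
    # Assumes functional tests live under tests/queries/ relative to the
    # repository root; any change outside that tree still requires builds.
    return all(
        Path(f).parts[:2] == ("tests", "queries") for f in changed_files
    )

# Usage:
# can_skip_builds(["tests/queries/0_stateless/02900_foo.sql"]) -> True
# can_skip_builds(["src/Core/Settings.h"]) -> False
```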
To lower the cost of builds, we should use Graviton machines for every build type (both x86_64 and arm), because we are always cross-compiling. The only remaining part is grpc-compiler. CC @rschu1ze
> Obtain test results for interrupted runs from the CI database, and if there are any failures - generate a report, and don't run the check again. If there are no failures, run only the remaining tests on the next try.

Updated the list. It was already there partially, except for the idea to fail even earlier.

@Felixoid, it is again very relevant. We should always pin all the dependencies.
Comments about the automatic release process. The system is designed to have a pair of eyes on the workflows launched after the release is created; it explicitly states this in the logs.

A script to do it automatically doesn't make the whole system resilient, and lately we've had too many issues with it to discuss moving forward here. Unless the workflows themselves are stable and in some final state, the autorelease process is out of the discussion. Another point: it's mentioned that the releases should be daily. That would overload two places at the same time - both git and the package repos would be flooded with unnecessary packages and tags. Currently the task is executed once a week, so it's better to preserve the current behavior.
I would like to let you know about the docker images' rebuild. After extensive work by @maxknv, we have idempotent docker tags based on the repo's state: every docker image is rebuilt only when its sources change. Then, the only job that is done every night is tagging the current images.
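As an illustration of how such idempotent tags could be derived - a sketch under the assumption that a tag is a hash of the image directory's contents, not the actual implementation by @maxknv:

```python
import hashlib
from pathlib import Path

def idempotent_tag(image_dir: Path) -> str:
    # Hash file names and contents in a stable order: the same directory
    # state always produces the same tag, so unchanged images need neither
    # a rebuild nor a push.
    digest = hashlib.sha256()
    for path in sorted(image_dir.rglob("*")):
        if path.is_file():
            digest.update(str(path.relative_to(image_dir)).encode())
            digest.update(path.read_bytes())
    return digest.hexdigest()[:12]

# A nightly job then only re-points the moving tag at the hash computed
# from the current master, e.g.:
# tag = idempotent_tag(Path("docker/test/base"))
```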
Here are the collected wishes from email, Slack, and #34694:

The highest prio, CI costs

- Move upload `artifact` steps to S3 from GH actions. Then they'll be both visible and usable out of the actions. Now they aren't visible during the workflow run at all. #53921
- `can_skip_{some_workflow_step}` #54243 in `ClickHouse/tests/ci/pr_info.py` (lines 306 to 357 in 310ac6f)
- Use `composite` actions. #54349 An example of how it's done is in my experimental repo Felixoid/actions-experiments@77ff720
- Use not the `:latest` image, but the latest built image in the master `ORIGIN_MERGE` #54242. WIP in "Use not the absolute latest docker image tag" #54369
- Add a `checkout` stage to get and compress the `git` repository with all submodules. It will reduce the build time and, maybe, the network too. Although, the leak of the token must be prevented. #53848; checked in "[wip] CI jobs use compressed repo archive" #54346, failed

High prio

- Fix `port is already in use`, so we could use cross-parallel runs; a keeper instance to store everything that is currently in use there
- Move `tests/ci/*.lib` files to docker images #54540
- `latest` in the PR and check everything

Low prio

- Watch the `inactive` label and close issues with it after 1 month of inactivity
- `run_check.py:should_run_ci_for_pr` to check if the PR is created from the same fork. If so, continue
- `tests/ci` uses `mcr.microsoft.com/dotnet/sdk` and `sequenceiq/hadoop-docker:2.7.0`, which it makes sense to get into our own docker organization
- `Mergeable Check` to show not `Failed: check_name` but `Pending: check_name` accordingly
- Replace `os.path.join` in `tests/ci` where it's possible in favor of `pathlib.Path` (see the sketch after this list): "Get rid of the most of os.path stuff" #55028
- coverage/coverity builds: "Remove Coverity from workflows, but leave in the code" #51842
- Add wishes in comments