Migrate CircleCI workflows to GitHub Actions (1/3)

[AzfaarQureshi]

What this PR does

This is PR 1/3 of migrating Cortex's CI from CircleCI to GitHub Actions:

Part 1/3 👈

• create test-build-deploy workflow under .github/workflows
• add README
• adding the 3 base jobs
  • lint
  • test
  • build
• these jobs are run async and share no dependencies with each other
• workflow is run when a commit is pushed to master or when any PR is opened. However CD jobs will only run on the master branch and will be skipped otherwise
• all jobs in following PRs are dependant on one or more of these jobs finishing

Part 2/3

• adding jobs dependant on build
  • integration
  • integration-config-db
• This PR completes the CI portion of migration. The following PR will finish the remaining CD portion of the migration

Part 3/3

• This PR completes the migration from CircleCI to GitHub Actions
  • deploy_website is dependant on build, test
  • deploy is dependant on build, test, lint, integration, integration-config-db
• CD jobs will only run on the master branch and will be otherwise skipped

Which issue(s) this PR fixes:

Fixes #3274

Checklist

• Tests updated
• Documentation added
• CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

[AzfaarQureshi]

A significant number of commands in the Makefile were hardcoded with an assumed file structure of the CI container. make sure previous commands don’t break a symlink was created instead from the hardcoded “expected” working directory go/src/github.com/cortexproject/cortex to the actual working directory $GITHUB_WORKSPACE.

[AzfaarQureshi]

As of Oct 2020 GitHub Actions does not persist between different jobs in the same workflow. Each job is run on a fresh virtual environment. As such, we need to upload and download artifacts to share data between jobs.

Docker Images are zipped before uploading as a workaround. The images contain characters that are illegal in the upload-artifact action.

[pracucci]

Very good job! Overall LGTM. I just left few questions here and there, but I can't see any blocker.

[pracucci]

Do you think we can use something similar to defaults: &defaults in the CircleCI yaml, in order to avoid the repetition of image: quay.io/cortexproject/build-image:update-golang-1.14.9-eb0c8d4d2 and being able to define the build image only once in this file?

[shovnik]

There exists a "defaults" field for GitHub actions, but it automatically applies to all jobs in the workflow. The integration and integration-configs-db jobs that will be added to the workflow with PR 2/3 of the migration do not use the default container so using a default would require explicitly removing the default container from those jobs by setting them to None.

We would like to reuse setup commands and default containers with something like commands in CircleCI, but this feature is not available yet on GitHub Actions.

Status: https://github.community/t/reusing-sharing-inheriting-steps-between-jobs-declarations/16851

[AzfaarQureshi]

GHA doesn't support yaml anchors yet because of some security reasons but they are actively working on it

[pstibrany]

Would it be possible to use env variable instead?

[pracucci]

This is not a blocker for getting this PR merged. We can discuss it separately.

[pracucci]

Have you figured out if we actually need to upload these artifacts? I know we do it in CircleCI but I have the feeling they're unused (at least I don't remember if we still use them anywhere).

[AzfaarQureshi]

Oh, we included it because this PR here made it seem like there was an explicit decision to save these files. Has the situation changed? But you are right, those artifacts are not used anywhere else within CI

[pstibrany]

Since then we have added these files into Git, so I think #1224 is not relevant anymore.

[pstibrany]

(In #1399)

[pracucci]

I also think we don't need to store these artifacts anymore.

[pstibrany]

Great job, thank you very much for doing this!

(Nit: In next PRs I would suggest moving the comments from README.md into YAML files, to keep it at one place.)

[pstibrany]

This looks suspicious... why create many links instead of one:

mkdir -p /go/src/github.com/cortexproject/
ln -s "$GITHUB_WORKSPACE" /go/src/github.com/cortexproject/cortex

[pstibrany]

Not sure if compression gives us anything here. We can use tar without -z flag to make it run faster (but use more disk space).

[shovnik]

The compression was in fact unnecessary. We removed it in the subsequent migration PR: #3341

[pstibrany]

This linking is explained in README, apart from doing review, who reads that? I'd include the explanations from README directly into this file.

[shovnik]

Added a comment explaining this within the code itself in the subsequent PR to address this.
#3341

[pstibrany]

Would it be possible to use env variable instead?

[pstibrany]

Should we set BUILD_IN_CONTAINER=false as env variable for entire workflow or at least individual jobs?

[pracucci]

But BUILD_IN_CONTAINER is not an environment variable. At least, doesn't work if you set it as env variable. Am I missing anything?

[pstibrany]

Since then we have added these files into Git, so I think #1224 is not relevant anymore.

[pracucci]

LGTM, thanks!

[pracucci]

But BUILD_IN_CONTAINER is not an environment variable. At least, doesn't work if you set it as env variable. Am I missing anything?

[pracucci]

@AzfaarQureshi We merged the PR since it's in a good shape, but we would be glad if you could address the remaining comments in a subsequent PR. Thanks!

[pstibrany]

But BUILD_IN_CONTAINER is not an environment variable. At least, doesn't work if you set it as env variable. Am I missing anything?

"Every environment variable that make sees when it starts up is transformed into a make variable with the same name and value." (from GNU Make docs)

But you say that it doesn't work when set as env variable, so perhaps there is something in our Makefile that prevents that?