Migrate release CI back to github #9437
Conversation
hasufell
force-pushed
the
purge-gitlab
branch
16 times, most recently
from
001d0e1
to
bb01a96
Compare
Also includes:
|
hasufell
force-pushed
the
purge-gitlab
branch
2 times, most recently
from
5c37718
to
34a7c9c
Compare
hasufell
force-pushed
the
purge-gitlab
branch
2 times, most recently
from
3187a1a
to
8781d59
Compare
|
Workflow:
|
hasufell
force-pushed
the
purge-gitlab
branch
2 times, most recently
from
81397df
to
0800602
Compare
|
EDIT: I have been a bit quick to approve without giving much background, so here it is: This is appealing because:
As such I am inclined to give this pipeline a chance for these two cases. The linux jobs of the Gitlab pipeline have never been a problem when I took care of 3.10.2.0, so I don't think we need to get rid of them. |
We get rid of gitlab CI so we don't have to maintain two entirely separate CIs and then figure out how to mangle everything together in a big mess. That's dead code and unnecessary redundancy. Adding new linux distro/distro-versions to the current github CI release pipeline is very easy. |
|
Time comparison:
|
hasufell
force-pushed
the
purge-gitlab
branch
from
0800602
to
a88308c
Compare
There was a problem hiding this comment.
Since I am not a Cabal release manager, I don't think my comments about the new workflow should be binding, but I hope they are helpful.
I do think the GitLab stuff should be kept as a backup as part of good change management, however, so I will request that change.
I think it's a bit funny that the pipeline is still using multiple sources (GitHub and Cirrus). You could just as easily use GitLab as the backend. Or GitLab could use Cirrus to pick up FreeBSD. Maybe I'll try that.
The final thing I'd recommend is documentation. I assume the release workflow is documented in this repo?
Overall lgtm and I'll defer to the actual release managers for the actual approvals!
| @@ -0,0 +1,66 @@ | |||
| #!/bin/bash | |||
|
|
|||
| set -eux | |||
There was a problem hiding this comment.
I prefer explicit tracing instead of increasing default verbosity everywhere because it adds a permanent tax on reading and storing logs. I feel like a lot of my career has been spent figuring out how to filter useless log messages. But maybe that's just me.
| tags: | ||
| - 'cabal-install-*' | ||
| schedule: | ||
| - cron: '0 2 * * *' |
There was a problem hiding this comment.
Who is alerted when scheduled jobs fail on GitHub Actions? Assuming it's more than one person, this will be an improvement over GitLab. But fwiw, the release pipeline runs on every push to master on GitLab, rather than on a schedule. I think either is fine, but I want to highlight the change to other reviewers.
There was a problem hiding this comment.
Notifications for scheduled workflows are sent to the user who initially created the workflow. If a different user updates the cron syntax in the workflow file, subsequent notifications will be sent to that user instead.
| DISTRO: ${{ matrix.platform.DISTRO }} | ||
| ADD_CABAL_ARGS: ${{ matrix.platform.ADD_CABAL_ARGS }} | ||
|
|
||
| - if: always() |
There was a problem hiding this comment.
It's possible the build finished, but the script errored anyway. It's good to have the binary for investigation
| - if: matrix.ARCH == 'ARM' | ||
| uses: docker://hasufell/arm32v7-ubuntu-haskell:focal | ||
| name: Run build (armv7 linux) | ||
| with: | ||
| args: bash .github/scripts/build.sh | ||
| env: | ||
| ARTIFACT: ${{ matrix.ARTIFACT }} | ||
|
|
||
| - if: matrix.ARCH == 'ARM64' | ||
| uses: docker://hasufell/arm64v8-ubuntu-haskell:focal | ||
| name: Run build (aarch64 linux) | ||
| with: | ||
| args: bash .github/scripts/build.sh | ||
| env: | ||
| ARTIFACT: ${{ matrix.ARTIFACT }} |
There was a problem hiding this comment.
Why are these two steps instead of one parameterized step? The name doesn't seem important; it could just be "Run build", and the docker image could be a matrix parameter. Right?
There was a problem hiding this comment.
Afair the uses doesn't allow variables.
| shell: pwsh | ||
| run: | | ||
| C:\msys64\usr\bin\bash -lc "pacman --disable-download-timeout --noconfirm -Syuu" | ||
| C:\msys64\usr\bin\bash -lc "pacman --disable-download-timeout --noconfirm -Syuu" |
There was a problem hiding this comment.
Is this duplication intentional?
There was a problem hiding this comment.
Could use a comment then.
|
I think I messed up by marking my review as "needs changes". The actual change I want is the restoration of GitLab files. I don't think my other suggestions should be binding. |
Ironically, the GitLab pipeline took forever because the Darwin job had to queue |
That would mean we just increased complexity, which defeats the purpose of this PR. If anything goes extremely wrong during the next release, you can restore the gitlab code from the git history. |
Co-authored-by: Bryan Richter <bryan@haskell.foundation>
If it wasn't clear, I meant to keep it around for the next release and then dropping it. I hope that doesn't defeat the purpose. This change is bigger than just reimplementing some code ,and keeping two systems running in parallel is good practice. And basically free in this case. |
Regarding this one point, I'd make it two releases and I'd keep the gitlab CI running all the time to ensure we spot problems in it ASAP, just as we do today. While I'm talking, @hasufell, thank you for the PR. I remember the big appeal of your proposal long ago, now materialised, was that we'd test what we release. Does this PR bring us closer to the point where we test daily the same binaries that will be released? In particular, are our normal GHA tests run on these artifacts, and when not applicable, on the exact commits from which the artifacts are created? What's the roadmap to unify CI and release CI, to a reasonable extent? |
I don't agree with this at all. There's no indication this is necessary. In HLS we also didn't need it and it has a much more complex CI. |
To avoid a deadlock I've created https://github.com/chreekat/cabal/tree/b/add-github-release-ci, which is an edited version of this branch that keeps GitLab CI. I hope it won't be necessary. |
|
I can split the PR in two commits, so that Gitlab removal is easier to revert in case it's necessary. But I won't subscribe to "let's keep code in master, just in case". That's bad engineering practice. |
I don't think anybody is proposing that. Gitlab CI would be running continuously so that we can spot any problems and fix them ASAP and during a release, if needed, the release manager would be able to compare the results of gitlab and github, test behaviour of the artifacts from both systems, etc. |
|
I have decided to build bindists myself for the next cabal release, so cabal's CI isn't relevant for GHCup directly anymore. You can use this PR and the contained patch as you please. |
|
I have reopened this to prevent us losing valuable work. |
|
And thank you @hasufell for working on this! |
There was a problem hiding this comment.
Just leaving some comments as I had the time to read this properly. It looks quite comprehensive! good stuff.
PS: @hasufell you have been clear that you don't intend to continue working on this so my comments are not to be taken as request for more work from you :-) They more like notes to my future self.
|
|
||
| # https://github.com/haskell/cabal/issues/7313#issuecomment-811851884 | ||
| if [ "$(getconf LONG_BIT)" == "32" ] || [ "${DISTRO}" == "CentOS" ] ; then | ||
| echo 'constraints: lukko -ofd-locking' >> cabal.project.release.local |
There was a problem hiding this comment.
I believe this should just be included in cabal.project.release under a if arch(I386) conditional. I am not sure if there is something specific to CentOS, it does not seem to be mentioned in the thread above
| args=( | ||
| -w "ghc-$GHC_VERSION" | ||
| --disable-profiling | ||
| --enable-executable-stripping |
There was a problem hiding this comment.
other things that should be in cabal.project.release
| timeout_in: 120m | ||
| only_if: $CIRRUS_TAG != '' | ||
| env: | ||
| ADD_CABAL_ARGS: "--enable-split-sections" |
There was a problem hiding this comment.
this can be implemented in cabal.project.release under a conditional if os(FreeBSD)
| uses: actions/checkout@v3 | ||
|
|
||
| - if: matrix.ARCH == 'ARM' | ||
| uses: docker://hasufell/arm32v7-ubuntu-haskell:focal |
There was a problem hiding this comment.
Are there officially maintaned images we can use?
| ARTIFACT: ${{ matrix.ARTIFACT }} | ||
|
|
||
| - if: matrix.ARCH == 'ARM64' | ||
| uses: docker://hasufell/arm64v8-ubuntu-haskell:focal |
|
|
||
| - name: git config | ||
| run: | | ||
| git config --global --get-all safe.directory | grep '^\*$' || git config --global --add safe.directory "*" |
There was a problem hiding this comment.
in the current ci we just do
git config --global protocol.file.allow always
and we have a comment point to https://bugs.launchpad.net/ubuntu/+source/git/+bug/1993586 (cabal PR #8546)
No description provided.