ci: merge bitcoin#27314, #28954, introduce dependency options in GitHub Actions builds, fix multiprocess builds, bump to Clang 18 #6400
Conversation
kwvg
changed the title
kwvg
force-pushed
the
ci_stuff
branch
2 times, most recently
from
15cdb62
to
1d1ff41
Compare
kwvg
changed the title
|
This pull request has conflicts, please rebase. |
|
This pull request has conflicts, please rebase. |
There was a problem hiding this comment.
light utACK 3cc8c70
I have concerns about this PR; but I'm not sure how to communicate them, and don't have good actionable feedback.
I'm concerned the patch-set as is will make the GitHub CI / build.yml harder to understand and harder to improve; but I also cannot at this moment figure out an alternative way to accomplish what is needed to be accomplished. Some of the commits just "feel" wrong, but ultimately it's just for CI, so it's not that big of a deal, and I don't have ways imagined for how to improve the situation; so probably best path is to merge, and maybe I'll figure out something I like more later.
| echo "dep-matrix=$(jq -r '.dep' -c .github/workflows/matrix.json)" >> $GITHUB_OUTPUT | ||
| echo "src-matrix=$(jq -r '.src' -c .github/workflows/matrix.json)" >> $GITHUB_OUTPUT |
There was a problem hiding this comment.
I kinda hate using jq in the build.yml like this; but I guess it's ok
There was a problem hiding this comment.
The alternative would be having to maintain two JSON files (they would have to be JSON if we want to share params between them without resorting to duplication), which wouldn't be the worst thing in the world but imo since src will be reading from dep for values and they are configuring the same actions run, just different jobs, consolidation would be better.
Plus we'd be using jq later on regardless to read through the matrix definition later on to find dep_opts and host from depends_name.
There was a problem hiding this comment.
these 2 JSON seems doens't have any dependency on each other, maybe better to have 2 files?
Is there any case, when you need both of them at once?
There was a problem hiding this comment.
Because they the second section (src) refers to the first section (dep) later on and they ultimately represent two halves of one workflow.
dash/.github/workflows/build.yml
Lines 126 to 136 in 3cc8c70
Examples of these are explained in the PR description.
| - build_target: linux64_nowallet | ||
| host: x86_64-pc-linux-gnu | ||
| depends_on: linux64 | ||
| matrix: ${{ fromJson(needs.build-image.outputs.src-matrix) }} |
There was a problem hiding this comment.
I fear this overcomplicates build.yml and will make it harder to improve / debug / logic on
There was a problem hiding this comment.
Outputs have to be generated in the previous job in order to be used in the current job and creating a new job just to read the matrix seems a bit wasteful, so the build image step is being used to also read, generate and export as output, the matrices needed for the next two jobs.
We can probably try reusable workflows (source) in the future, it'll be more GitLab-like but would invite duplication and a different kind of convoluted syntax. Depends on how reliable this setup proves to be.
|
I think I found a way to do this with no jq/json and no duplication either (and bring two CI-s a bit closer to each other while at it), pls check UdjinM6@c40a595 (CI: Github + Gitlab) |
|
@UdjinM6, I like the idea of going back to honoring the One of the arrangements are to use the Another example is the SQLite build, which has a different This can be trivially fixed by ensuring all the So the proposed approach does deduplicate between GitHub and GitLab configurations but requires duplication in every matrix definition script. If this is an acceptable tradeoff, I'll cherry-pick the changes. Thoughts? |
|
Interesting... So we were using wrong depends for these build targets in CI all this time. Smth like 94e37ef (CI: https://github.com/UdjinM6/dash/actions/runs/11999294004 + https://gitlab.com/UdjinM6/dash/-/pipelines/1558281977) on top of my previous commit should fix it (NOTE: |
|
Also, I wonder why we bump clang to 18 manually via 77795a5 instead of doing it via corresponding backports. Can you clarify this pls? |
| echo "dep-matrix=$(jq -r '.dep' -c .github/workflows/matrix.json)" >> $GITHUB_OUTPUT | ||
| echo "src-matrix=$(jq -r '.src' -c .github/workflows/matrix.json)" >> $GITHUB_OUTPUT |
There was a problem hiding this comment.
these 2 JSON seems doens't have any dependency on each other, maybe better to have 2 files?
Is there any case, when you need both of them at once?
| @@ -10,5 +10,5 @@ export CONTAINER_NAME=ci_native_multiprocess | |||
| export PACKAGES="cmake python3 llvm clang" | |||
| export DEP_OPTS="DEBUG=1 MULTIPROCESS=1" | |||
| export GOAL="install" | |||
| export BITCOIN_CONFIG="--with-boost-process --enable-debug CC=clang CXX=clang++" # Use clang to avoid OOM | |||
| export BITCOIN_CONFIG="--with-boost-process --enable-debug CC=clang-16 CXX=clang++-16" # Use clang to avoid OOM | |||
There was a problem hiding this comment.
why clang-16 is enforced here?
There was a problem hiding this comment.
To reduce ambiguity. Currently, both Clang 16 and distro-supplied Clang are installed and you have to specify Clang 16 using the suffix -16 while the variables above would be using distro-supplied clang.
This ambiguity has been sorted by removing distro-supplied Clang and LLVM but I'd prefer explicitly stating the compiler version we're expecting, esp. when we're outwardly deciding the version.
| @@ -284,7 +284,7 @@ linux64_tsan-build: | |||
| - .build-template | |||
| - .skip-in-fast-mode-template | |||
| needs: | |||
| - x86_64-pc-linux-gnu_debug | |||
| - x86_64-pc-linux-gnu_multiprocess | |||
There was a problem hiding this comment.
why tsan became multiprocess? it should not be changed IMO
There was a problem hiding this comment.
In trying to strike a balance between testing different compilers and limiting the number of builds (both depends and source) to save resources, having multiprocess build with Clang 18 and then using it to also build TSan so we have access to a more recent thread sanitizer is the goal.
Upstream eventually wants to enable multiprocess in its depends anyways and their primary obstacle is multiprocess not playing nice with fuzz (as expressed in PR description).
| @@ -7,7 +7,7 @@ ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London" | |||
| # (zlib1g-dev is needed for the Qt host binary builds, but should not be used by target binaries) | |||
| ENV APT_ARGS="-y --no-install-recommends --no-upgrade" | |||
|
|
|||
|
|
|||
| SHELL ["/bin/bash", "-c"] | |||
There was a problem hiding this comment.
it's not good to depends on bash, sh should be enough:
$ sh -c 'for i in a b c ; do echo $i ; done'
a
b
c
There was a problem hiding this comment.
bash is part of the base Ubuntu distribution and will be required in dash#6387 regardless.
| # We don't need all packages but the default set doesn't include some | ||
| # packages we want so we will need to install some of them manually. | ||
| ARG LLVM_VERSION=16 | ||
| RUN set -ex; \ |
There was a problem hiding this comment.
looks a bit too complex, maybe better to make sh script for it instead line for better readability?
There was a problem hiding this comment.
Making a script that won't be reused/user-triggerable doesn't seem necessary, but I can add echo comments to serve as documentation for steps. Would that be alright?
@UdjinM6, we can do it through backports like bitcoin#29765. Will switch change to backport on next push!
I had done similar changes in dash#6387 by adding a separate variant for GCC 14 depends but @PastaPastaPasta has suggested to reuse an existing build variant to reduce the number of overall variants to conserve resources (now in that PR I think we can go ahead with your solution if we're okay with explicitly specifying that |
Additional Information
Depends on ci: use
actions/cacheto manage depends cache #6406Dependency for ci: build GCC 14, build
nowalletdepends and source with it, stage built packages in/opt, allowlist LLVMlibc++#6387bitcoin#27314 has been backported in this PR as bitcoin#25838 (backported in dash#6384) broke Clang depends builds and this PR introduces Clang depends builds in CI.
Support for multiprocess builds were enabled proper in dash#6143 but unfortunately, the configuration params for multiprocess builds were not processed by CI as the build variant was not added to
matrix.sh(source). This is evident by comparing two variants with Boost::Process enablement (--with-boost-process),linux64_fuzz(source) andlinux64_multiprocess(source).Looking at a
develop(6a51ab2) build, the fuzz build has it enabled (source) while the multiprocess build doesn't (source) despite both scripts having the enablement argument.bitcoin#28954 has been backported to fix a problem associated with multiprocess runs (build)
The fuzz build will continue to use GCC-built
dependsinstead of Clang-builtdependsas originally planned, as Clang-builtdependsare multiprocess-enabled and currently multiprocess and fuzz don't play nice together (see upstream build failure for example, source, corresponding with local failure, source).Clang has been bumped to 18 in anticipation of bitcoin#30201, which will drop (
native_llvm, formerly known asnative_clang) and mandate the presence of Clang 18 or higher for cross-compilation.The
versionattribute in thedevelopcontainer'sdocker-compose.ymlhas been dropped as the attribute has been deprecated in the compose spec (source).To avoid LLDB's "personality set failed: Operation not permitted" error caused by its attempt at disabling ASLR for debugging (source), the container will now operate under relaxed restrictions (
seccomp=unconfined). As disabling ASLR is valuable when debugging and the container isn't used by CI but is meant for individual developers, we have opted to relax restrictions instead of skipping ASLR disablement.This does not affect CI as these relaxations are defined in the
docker-compose.ymlof thedevelopcontainer, which inherits from the CI container but is a container of its own.As
DEP_OPTSis a new parameter that could require rebuilding depends, it needs to be incorporated into the cache key. The simplest way to do it is to append the hash of the file that definesDEP_OPTS(build.yml) to the cache key. This comes with the drawback that any change tobuild.ymlcould result in a cache miss due to a changed hash.This has been mitigated by appending the hash of
DEP_OPT's value instead. As GitHub doesn't make this easy, it has to be done in a prior "Determine params" step.matrix.jsonand usejqto interpret it. We can usejqto query values (dep_opts) meant for one matrix (deps) using a value (depends_name) from the other matrix (src).hostin both matrices as the value ofhostis taken by the second matrix (src) by fetching it from the array of the first matrix (deps) with matchingdepends_name.headtrims the output ofsha256sumto 64 characters, the hash itself isn't being trimmed but everything after it is (trailing hyphen and newline). This is also whyecho -nis used in some places, to avoid newline addition resulting in a different hash value.Breaking Changes
None expected
Checklist