Simple CI pipeline for Smalltown Core

Since we run as root on the build server, we can properly mount a tmpfs
as the shared build volume with exec support (this is still broken for
unprivileged create_container.sh). We'll have to see when and if this
blows up, and whether we want to use a disk-backed volume instead.

The pipeline has two stages that run the following commands:

- `scripts/run_ci.sh ${build.id} ${target.phid} bazel build //core/scripts:launch`

- `timeout 30 scripts/run_ci.sh ${build.id} ${target.phid} bazel run //core/scripts:launch; true` (for visual inspection)

Those are placeholders - we will want to integrate any and all
tests in Bazel, only trigger tests whose dependencies have been
modified in a given build step, and report individual results back
to Harbormaster.

What works:

- Persistent working copies on the build server. Drydocks caches a number of
  persistent repository copies to avoid a full clone on each build, and
  uses a leasing mechanism to allocate them. Of course, this means we
  have to be careful about not polluting the repo, but Bazel takes care of that.

- Shared build cache with fast incremental rebuilds
  (a build with no changes takes ~15s including the podman build step).

- Full rebuild after volume deletion takes ~4m.

- Build output shows up in Phabricator in real time.

- Aborting a build properly cancels the running build and cleans up the pod.

- Launching the QEMU VM.

- Reporting build status back to Harbormaster (noop at the moment, can
  be used to report unit test states later). This uses the awesome undocumented
  SSH conduit transport so we don't have to deploy a separate token on the host.

- Phabricator revisions are drafts until all tests complete successfully.

Test Plan: See tests :-)

Bug: T483

X-Origin-Diff: phab/D242
GitOrigin-RevId: 64eca996c8704cb0cd4f1cbb4f88f71a6fdca1eb
diff --git a/scripts/create_container.sh b/scripts/create_container.sh
index de9d2cb..0a137bd 100755
--- a/scripts/create_container.sh
+++ b/scripts/create_container.sh
@@ -24,6 +24,8 @@
 chcon -R unconfined_u:object_r:user_home_t:s0 \
   .arcconfig .idea .git
 
+# Keep this in sync with ci.sh:
+
 podman pod create --name nexantic
 
 # TODO(leo): mount .cache/bazel on a volume (waiting for podman issue to be fixed)
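Review bot: the added comment "# Keep this in sync with ci.sh:" points at a file the rest of this change does not name; the pipeline commands in the description invoke scripts/run_ci.sh, so either the comment should reference the actual script path or the pod-creation line it guards should be factored into a helper both scripts source, rather than relying on a comment to keep two copies of `podman pod create --name nexantic` aligned. The comment also sits before only the pod-creation line, while the description says the CI path additionally differs in how the build volume is mounted (tmpfs with exec on the root-running build server versus the still-broken unprivileged case here), so it is worth stating precisely which lines must match and which are expected to diverge.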