CI script changes needed for the New CI #218
Conversation
bensze01
added
enhancement
bensze01
force-pushed
the
dev/bensze01/openci-testing
branch
7 times, most recently
from
81d82b5 to
e1e1777
Compare
bensze01
force-pushed
the
dev/bensze01/openci-testing
branch
from
e1e1777 to
8d1aab7
Compare
bensze01
force-pushed
the
dev/bensze01/openci-testing
branch
from
8d1aab7 to
aacb082
Compare
Signed-off-by: Bence Szépkúti <[email protected]>
ECRs are not used on the current Open CI, nor is the value of docker_ecr used in the Open CI codepaths. Signed-off-by: Bence Szépkúti <[email protected]>
Use the full URL instead of the shortened form that docker also permits. Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
This way we don't need to update the script if we change which CI runs the merge queues. Signed-off-by: Bence Szépkúti <[email protected]>
The image name on the new CI corresponds to the public Dockerhub urls. Signed-off-by: Bence Szépkúti <[email protected]>
Define a new method, common.mbedtls_node() to make the transition easier. This lets us keep using the same node labels accross the CIs in most of the codebase. Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
Log the reason docker manifest inspect failed to help debugging. It may fail in an unexpected way, eg. if dockerhub is rate limiting us. Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
Signed-off-by: Bence Szépkúti <[email protected]>
bensze01
force-pushed
the
dev/bensze01/openci-testing
branch
from
aacb082 to
a192372
Compare
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
Mostly looks good to me on visual inspection. I know this is already running live on the new CI. I still want:
- Better documentation.
- Some validation that this doesn't break the old CI while we're transitioning.
vars/common.groovy
Outdated
| @Field final boolean is_open_ci_env = env.JENKINS_URL ==~ /\S+(mbedtls\.trustedfirmware\.org)\S+/ | ||
|
|
||
| /* Indicates if CI is running on the new CI (hosted on https://ci.trustedfirmware.org/) */ | ||
| @Field final boolean is_new_ci_env = !is_open_ci_env && (env.JENKINS_URL ==~ /\S+(trustedfirmware)\S+/) |
There was a problem hiding this comment.
Please give the “new CI” a distinctive name. I don't want to change this file to start distinguishing between the “old new CI” and the “new new CI” in a few years.
vars/common.groovy
Outdated
| /* Indicates if CI is running on Open CI (hosted on https://ci.trustedfirmware.org/) */ | ||
| @Field is_open_ci_env = env.JENKINS_URL ==~ /\S+(trustedfirmware)\S+/ | ||
| /* Indicates if CI is running on Open CI (hosted on https://mbedtls.trustedfirmware.org/) */ | ||
| @Field final boolean is_open_ci_env = env.JENKINS_URL ==~ /\S+(mbedtls\.trustedfirmware\.org)\S+/ |
There was a problem hiding this comment.
Non-blocker: I'd prefer something a little more structured and comprehensible, like
enum CI_Instance {
CI_Other, // Unexpected, may happen when trying out new infrastructure
CI_ArmInternal, // Arm internal CI (since 2017)
CI_ArmOpenCI, // Arm-maintained OpenCI (since 2025)
CI_LinaroOpenCI, // Linaro-maintained OpenCI (since 2022)
}
def CI_Instance ci_from_url(String url_string) {
String host = url_string.toURL().getHost()
if (host ==~ /\.arm\.com$/) {
return CI_ArmInternal
} else if (host ==~ /mbedtls.*\.trustedfirmware\.org$/) {
return CI_LinaroOpenCI
} else if (host ==~ /\.trustedfirmware\.org$/) {
return CI_ArmOpenCI
} else {
return CI_Other
}
}
@Field which_ci = ci_from_url(env.JENKINS_URL)
|
|
||
| ``` | ||
| node (label) { | ||
| common.mbedtls_node (label) { |
There was a problem hiding this comment.
More things need updating in the developer guide.
- TF OpenCI -> TF OpenCI (legacy) - New CI (testing) -> TF OpenCI Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
minosgalanakis
force-pushed
the
dev/bensze01/openci-testing
branch
from
552c956 to
87703e9
Compare
|
As of 87703e9 Had to remove the code to implement this change. It was throwing me into a rabit hole of scripts permissions missalignment between CI's. Testing jobs |
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
Looks mostly good to me on code inspection. I can't think of anything else that would need updating in the guide.
Once the code changes are complete, please link the test jobs that you've run in the PR description.
|
|
||
| #### Jenkins jobs | ||
|
|
||
| On OpenCI, the jobs are defined by YAML configuration files managed in a Gerrit instance: [browse code](https://review.trustedfirmware.org/plugins/gitiles/ci/mbedtls/mbed-tls-job-configs), [contributor setup](https://review.trustedfirmware.org/Documentation/user-upload.html), [reviews](https://review.trustedfirmware.org/q/project:ci/mbedtls/mbed-tls-job-configs+status:open). On the internal CI, the jobs and job configurations can be edited directly through the web interface. |
There was a problem hiding this comment.
Can someone confirm whether the new OpenCI uses the same repository as the old OpenCI for the configuration?
I see a branch called openci-migration in that repository, is it relevant? Does it need to be merged as part of the CI transition?
There was a problem hiding this comment.
The "new" CI indeed uses the openci-migration branch for now (since we need slightly different configuration for the two CIs at the moment.)
It can be migrated back to the master branch at our leisure once the "old" OpenCI is shut down.
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
|
Head at 68c77aa |
gilles-peskine-arm
left a comment
gilles-peskine-arm
left a comment
There was a problem hiding this comment.
Looks good to me at 68c77aa in terms of reading the code.
With respect to validation, given the changes here, I would like to see tests that exercise the following features: docker instantiation (so basically anything), actual use of arm-compilers because it gets special treatment (so e.g. a PR job or a release job), actual use of the various node labels, GitHub reporting, and a Dockerfile rebuild. So I propose, on all thre CIs:
- The pr-merge action on mbed-tls-restricted-pr-ci-testing that you've tested on legacy and internal, but replay it on internal once the “No space left on device” problem is resolved (internal ticket: OSSDEVOPS-17004), and do it on the new CI once we fix the problem that https://ci.trustedfirmware.org/job/mbed-tls-restricted-pr-ci-testing/ isn't seeing any pull request (misconfiguration of the job?).
- A run of https://ci.trustedfirmware.org/job/mbedtls-release-ci-testing on 68c77aa plus some trivial Dockerfile update.
|
Thanks for fixing the link. However, I haven't done a full review, nor did I intend do. Are you expecting a full review from me, or just a check that my drive-by comment has been addressed? |
Signed-off-by: Minos Galanakis <[email protected]>
minosgalanakis
force-pushed
the
dev/bensze01/openci-testing
branch
from
30738c9 to
e5add1f
Compare
|
Testing at e5add1f |
This PR contains all the changes needed to get the new CI working with the
mainbranch. Resolves #225.(Currently it runs off of
dev/dgreen-arm/openci-testing)