ci: arm docker builds #4804
ci: arm docker builds #4804
Conversation
0c98559 to
2eafcde
Compare
|
This. Is. Blowing. My. Mind. 🤯 |
|
|
|
|
|
|
It says it could not bind to |
Not sure what's going on. This is running in an emulator in docker, so there's a lot of strange things that could be going on. I pushed up some changes to the proxy so that it will try to bind only on 127.0.0.1 in case it is the IPv6 problem. |
|
Interestingly, something still tries to bind to |
|
/rebuild |
|
Okay, @ethomson, I started to rebuild this pull request. |
|
At least in the latest test the proxy server does bind to 127.0.0.1: Still, something tries to bind to |
Yes, I agree. It's a red herring in this, it appears. I can repro this locally - I thought I had all the tests passing last night. So either I misunderstood what I saw last night (likely) or I broke something between now and then (also possible). |
|
Aha. Running java directly yields a big fat clue: This appears to happen on any jar. 😞 |
|
Aha - this happens on bionic too with OpenJDK 11. However it errors with: Right before the segfault. (I suspect that xenial does, too, and I just missed that message.) Right, then, let's try gcj. The poxyproxy is doing so precious little that it might just work. |
ded95e1 to
e1d1803
Compare
|
/rebuild |
|
Okay, @ethomson, I started to rebuild this pull request. |
1e3a832 to
fbc1820
Compare
.vsts-ci.yml
Outdated
| qemu: 'true' | ||
| imageName: 'libgit2/xenial-arm32:test' | ||
| environmentVariables: | ||
| SKIP_PROXY_TESTS: true |
There was a problem hiding this comment.
Looks like the wrong kind of whitespace. CI complains about this line, too.
.vsts-ci.yml
Outdated
| qemu: 'true' | ||
| imageName: 'libgit2/xenial-arm64:test' | ||
| environmentVariables: | ||
| SKIP_PROXY_TESTS: true |
fbc1820 to
98c4cff
Compare
|
Thanks, @neithernut. In my haste I forgot to clean up tabs vs spaces.
…On Wed, Sep 12, 2018 at 10:06 PM, Julian Ganz ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In .vsts-ci.yml
<#4804 (comment)>:
> @@ -56,6 +56,30 @@ jobs:
CMAKE_OPTIONS=-DUSE_HTTPS=mbedTLS -DSHA1_BACKEND=mbedTLS
LEAK_CHECK=valgrind
+- job: linux_xenial_arm32
+ displayName: 'Linux (Xenial; arm32)'
+ pool:
+ vmImage: 'Ubuntu 16.04'
+ steps:
+ - template: ci/vsts-docker.yml
+ parameters:
+ qemu: 'true'
+ imageName: 'libgit2/xenial-arm32:test'
+ environmentVariables:
+ SKIP_PROXY_TESTS: true
Looks like the wrong kind of whitespace. CI complains about this line,
too. *pointing out the obvious*
------------------------------
In .vsts-ci.yml
<#4804 (comment)>:
> + qemu: 'true'
+ imageName: 'libgit2/xenial-arm32:test'
+ environmentVariables:
+ SKIP_PROXY_TESTS: true
+
+- job: linux_xenial_arm64
+ displayName: 'Linux (Xenial; arm64)'
+ pool:
+ vmImage: 'Ubuntu 16.04'
+ steps:
+ - template: ci/vsts-docker.yml
+ parameters:
+ qemu: 'true'
+ imageName: 'libgit2/xenial-arm64:test'
+ environmentVariables:
+ SKIP_PROXY_TESTS: true
Same here.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#4804 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABE-Hj7ynYYj4HMjadaeRMcFindOl1cqks5uaXdsgaJpZM4Wj1aA>
.
|
53b4399 to
ca36b88
Compare
.vsts-ci.yml
Outdated
| @@ -56,6 +56,32 @@ jobs: | |||
| CMAKE_OPTIONS=-DUSE_HTTPS=mbedTLS -DSHA1_BACKEND=mbedTLS | |||
| LEAK_CHECK=valgrind | |||
|
|
|||
| - job: linux_xenial_x86 | |||
There was a problem hiding this comment.
Maybe you should include "gcc" in the name
.vsts-ci.yml
Outdated
| CC=gcc | ||
| LEAK_CHECK=valgrind | ||
|
|
||
| - job: linux_xenial_x86 |
9200495 to
7c96eb8
Compare
|
/rebuild |
|
Okay, @ethomson, I started to rebuild this pull request. |
7c96eb8 to
b869a8a
Compare
.vsts-ci.yml
Outdated
| qemu: 'true' | ||
| imageName: 'libgit2/xenial-arm64:test' | ||
| environmentVariables: | | ||
| SKIP_PROXY_TESTS=true |
There was a problem hiding this comment.
Is this all supposed to be part of our "main" CI infrastructure? If so, by how much does it increase our CI build times? If the delay is quite noticable, I'd vote to have this as a nightly job instead, as we have said in past discussions.
There was a problem hiding this comment.
I 100% agree. I was just hoping to iterate on these by putting them in the PR validation configuration so that they would get built. (There are a handful of other ways to do this, I could have set up a new pipelines configuration, but I'm lazy.)
.vsts-ci.yml
Outdated
| @@ -57,7 +57,7 @@ jobs: | |||
| LEAK_CHECK=valgrind | |||
|
|
|||
| - job: linux_xenial_arm32 | |||
| displayName: 'Linux (Xenial; arm32)' | |||
| displayName: 'Linux (Xenial; arm32; GCC)' | |||
There was a problem hiding this comment.
Shouldn't these jobs then also say whether they use OpenSSL or mbedTLS, if we aim for consistency?
| @@ -40,6 +41,9 @@ void test_buf_oom__grow(void) | |||
| cl_assert(git_buf_oom(&buf)); | |||
|
|
|||
| git_buf_dispose(&buf); | |||
| #else | |||
| cl_skip(); | |||
| #endif | |||
There was a problem hiding this comment.
You know, we should just use our custom allocators here. Create a custom test allocater that only has
Obviously, that doesn't have to be part of this PR.
There was a problem hiding this comment.
Ooooooh, that's a good idea.
There was a problem hiding this comment.
Addressing this in a separate pullrequest - forthcoming.
| ... | ||
| fun:gcry_pk_sign | ||
| obj:*libssh2.so* | ||
| } |
There was a problem hiding this comment.
I really cannot imagine that libbsh2 or libgcrypt is to blame. I mean, I've tried multiple times to debug this issue and see whether we fail to use the APIs correctly, without any finds. But I just cannot imagine them being so lenient with regards to memory leaks.
b869a8a to
78ef950
Compare
As the number of each grow, separate the CI build scripts from the YAML definitions.
78ef950 to
543a694
Compare
Use multiarch arm32 and arm64 docker images to run Xenial-based images for those platforms. We can support all the tests on ARM32 and 64 _except_ the proxy-based tests. Our proxy on ARM seems regrettably unstable, either due to some shoddy dependencies (with native code?) or the JREs themselves. Run these platforms as part of our nightly builds; do not run them during pull request or CI validation.
Bind the proxy specifically to 127.0.0.1 instead of all addresses. This is not strictly necessary for operations, but having a potentially open proxy on a network is not a good idea.
Use Bionic so that we have a modern libssh2 (for communicating with GitHub). We've ported fixes to our Trusty-based amd64 images, but maintaining patches for multiple platforms is heinous.
Newer dependencies means newer places to leak!
On a 32-bit Linux systems, the value large enough to make malloc guarantee a failure is also large enough that valgrind considers it "fishy". Skip this test on those systems entirely.
We don't need two separate docker images for OpenSSL and mbedTLS. They've been combined into a single image `trusty-amd64` that supports both.
57ef0f3 to
7c55716
Compare
|
I've also created a repository that containers the Dockerfiles that we use to create these images. |
|
Cool, this is great! Is there any particular reason why you feel like the Dockerfiles shouldn't be part of libgit2 directly? We already have a "ci" directory, so I'd feel like it's the perfect place for them to live in. |
🤔 No. I have no preference either way. I'd be happy to move them into |
|
I think it makes sense to have them as part of libgit2. It's not like they make any sense as standalone files outside of the scope of libgit2, and they are part of our CI setup. Furthermore, I don't think they're much of a maintenance burden and don't add much to libgit2's size. So only pros, no cons, I think. |
Docker can leverage QEMU to run images on other platforms! Introduce an arm32 based build.