Introduce Github Actions CI workflow #3339
Conversation
siggy
force-pushed
the
siggy/action-time
branch
from
1e213cc to
6bd874c
Compare
|
@olix0r Correct re: artifact publishing. For the moment Travis will continue to handle that. I'd like to get Github Actions in place just for pull request CI, then later take on artifact publishing and release automation. |
.github/workflows/workflow.yml
Outdated
| - name: Checkout code | ||
| uses: actions/checkout@v1 | ||
| - name: ENV | ||
| run: env | sort |
There was a problem hiding this comment.
Wouldn't this leak secrets?
There was a problem hiding this comment.
The actions UI obscures them. Also that line was for debugging, I've removed it.
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v1 | ||
| - name: Yarn setup |
There was a problem hiding this comment.
If we wanted to get rid of this step, would we need to use an image with yarn already installed? Build cache it? Copy files from a tarball?
There was a problem hiding this comment.
Yeah any of those approaches would work. We run this command today in Travis, so mostly looking to match that setup before optimizing.
| run: | | ||
| export PATH="$HOME/.yarn/bin:$PATH" | ||
| export NODE_ENV=test | ||
| bin/web |
There was a problem hiding this comment.
I assume this just came over from the existing tooling, but should it be more explicit what's being done? Maybe bin/web setup && bin/web test? I don't think a build is required and it might speed things up some.
There was a problem hiding this comment.
Yeah that's correct this is cribbed from Travis. I'm totally down to optimize further, but for this PR I mostly want to get it into the pipeline as-is.
| DOCKER_HOST_PRIVATE_KEY: ${{ secrets.DOCKER_HOST_PRIVATE_KEY }} | ||
| run: | | ||
| mkdir -p ~/.ssh/ | ||
| echo "$DOCKER_HOST_PRIVATE_KEY" > ~/.ssh/id_rsa |
There was a problem hiding this comment.
This'll put the full key in the logs, right?
There was a problem hiding this comment.
There was a problem hiding this comment.
Oh, I was using a Makefile and that auto-expanded this for reasons. Ignore me!
There was a problem hiding this comment.
fwiw, steps within a job shares the same workspace filesystem. If we ever need to add -x, we can use shell to write the secrets to files on the filesystem, and refer them (e.g. scp -i) in subsequent steps.
| DOCKER_HOST_PRIVATE_KEY: ${{ secrets.DOCKER_HOST_PRIVATE_KEY }} | ||
| run: | | ||
| mkdir -p ~/.ssh/ | ||
| echo "$DOCKER_HOST_PRIVATE_KEY" > ~/.ssh/id_rsa |
There was a problem hiding this comment.
Same question as above.
There was a problem hiding this comment.
| env: | ||
| DOCKER_ADDRESS: ${{ secrets.DOCKER_ADDRESS }} | ||
| DOCKER_HOST_PRIVATE_KEY: ${{ secrets.DOCKER_HOST_PRIVATE_KEY }} | ||
| run: | |
There was a problem hiding this comment.
Is there a way to make this step more common? Is there a sandbox shared between all the steps?
There was a problem hiding this comment.
Yeah, it's unfortunate we're doing this Docker SSH setup step across 4 different jobs. Each job runs in a separate VM so not great shared option.
From a performance perspective, this step only takes 1 second.
From a maintenance perspective, I agree it's less than ideal. We solved this in Travis using YAML aliases, but this is not supported in Github Actions.
| run: | | ||
| TAG="$(CI_FORCE_CLEAN=1 bin/root-tag)" | ||
| export KIND_CLUSTER=github-$TAG-${{ matrix.integration_test }} | ||
| bin/kind delete cluster --name=$KIND_CLUSTER |
There was a problem hiding this comment.
If the kind cluster doesn't exist, does this succeed? Or, does it even matter?
There was a problem hiding this comment.
If the cluster doesn't exist, this command will fail. This is probably fine because if we've gotten this far and the cluster does not exist, a previous job must have failed.
|
Integration test results for 57503f8: success 🎉 |
| env: | ||
| GITCOOKIE_SH: ${{ secrets.GITCOOKIE_SH }} | ||
| run: | | ||
| echo "$GITCOOKIE_SH" | bash |
There was a problem hiding this comment.
We also had this in Travis, but I've never known what it is for...
There was a problem hiding this comment.
Good question! It's to mitigate rate-limiting when pulling go dependencies:
golang/go#12933 (comment)
The good news is we should be able to remove this when Go 1.13 lands, as Google will run a module mirror:
https://proxy.golang.org/
| kind_setup: | ||
| strategy: | ||
| matrix: | ||
| integration_test: [deep, upgrade, helm] |
There was a problem hiding this comment.
This looks awesome 🥇
A few ideas about dependencies:
- Can we have
go_unit_testsandjs_unit_testsdepend on the success ofvalidate_go_depsandgo_lint(these being fast, it shouldn't augment too much the overall time)? docker_buildcould also depend ongo_unit_testsandjs_unit_tests.
On the other hand, do you know how this interacts with forks?
|
@alpeb Re: Dependencies between jobs, I'd like to avoid introducing dependencies unless a job actually depends on a previous job. The goal is to minimize the total time for all jobs to complete, and also make clear what jobs depends on other jobs. While Fortunately the Github PR and Actions UIs provide feedback when individual jobs fail, prior to the full workflow completing, so the user gets feedback asap. For reference, right now the critical path is: |
| DOCKER_ADDRESS: ${{ secrets.DOCKER_ADDRESS }} | ||
| DOCKER_HOST: ssh://github@${{ secrets.DOCKER_ADDRESS }} | ||
| GITCOOKIE_SH: ${{ secrets.GITCOOKIE_SH }} | ||
| run: | |
There was a problem hiding this comment.
I'm curious about the error reporting in run. So if e.g., the scp command fail, does run terminate immediately? And does the UI show which shell command fail? Or do we need -e? Setting -x is probably not a good idea here, because of the secret env var.
There was a problem hiding this comment.
Fail fast is on by default:
https://help.github.com/en/articles/workflow-syntax-for-github-actions#jobsjob_idstepsrunshell
I believe the UI highlights which command fails.
| DOCKER_HOST_PRIVATE_KEY: ${{ secrets.DOCKER_HOST_PRIVATE_KEY }} | ||
| run: | | ||
| mkdir -p ~/.ssh/ | ||
| echo "$DOCKER_HOST_PRIVATE_KEY" > ~/.ssh/id_rsa |
There was a problem hiding this comment.
fwiw, steps within a job shares the same workspace filesystem. If we ever need to add -x, we can use shell to write the secrets to files on the filesystem, and refer them (e.g. scp -i) in subsequent steps.
|
@ihcsim Agree good to highlight the |
|
Filed related issues in the Sort of relates to this issue in actions/checkout: |
siggy
force-pushed
the
siggy/action-time
branch
2 times, most recently
from
172a3e7 to
e859815
Compare
The existing Travis CI setup requires additional integrations and permissions with Github, and also lacks some flexibility around job dependency management. Introduce a new CI workflow based on Github Actions. This initial workflow performs the same CI work that Travis does, and will iniitially run in parallel: - Go unit tests - JS unit tests - Go lint - Validate Go deps - Integration tests (deep, upgrade, helm) Signed-off-by: Andrew Seigner <[email protected]>
Signed-off-by: Andrew Seigner <[email protected]>
Signed-off-by: Andrew Seigner <[email protected]>
Signed-off-by: Andrew Seigner <[email protected]>
siggy
force-pushed
the
siggy/action-time
branch
from
e859815 to
d3c0efe
Compare
PR #3339 introduced a GitHub Actions CI workflow. Add a badge to the top of README.md to report status of the CI workflow. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Retry kind cluster creation once Retry log reading from integration k8s clusters once Add kind cluster creation debug logging Add a badge to the top of README.md to report status of the CI workflow. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to the top of README.md Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to the top of `README.md`. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to the top of `README.md`. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to the top of `README.md`. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to top of `README.md`. Signed-off-by: Andrew Seigner <[email protected]>
PR #3339 introduced a GitHub Actions CI workflow. Booting 6 clusters simultaneously (3x Github Actions + 3x Travis) exhibits some transient failures. Implement fixes in GitHub Actions and integration tests to address kind cluster creation and testing: - Retry kind cluster creation once. - Retry log reading from integration k8s clusters once. - Add kind cluster creation debug logging. - Add a GitHub Actions status badge to top of `README.md`. Signed-off-by: Andrew Seigner <[email protected]>
The existing Travis CI setup requires additional integrations and
permissions with Github, and also lacks some flexibility around job
dependency management.
Introduce a new CI workflow based on Github Actions. This initial
workflow performs the same CI work that Travis does, and will iniitially
run in parallel:
Signed-off-by: Andrew Seigner [email protected]