[RFC] CI overhaul

[umarcor]

Ref #619 #621

This PR shows a different approach to CI and how container images are defined and used.

---

Currently, all the Dockerfiles are generated in a single shell/bash script, using environment variables for setting versions. That feels unidiomatic. In this PR, Dockerfiles are defined in separate files, which can be edited without the need to escape due to bash constraints. Differences in procedures between versions of the OSs are handled through dockerfile stages. At the same time, version variables are handled through build arguments.

---

The current Dockerfile generation strategy cats several sections in a single Dockerfile for each target. Instead, this PR defines two images for each target: 'basic' and 'bazel'. The former contains all the dependencies, except Bazel. The latter is based on the former and includes Bazel.

---

The current build procedure executes a single docker build command, where all the dependencies are installed and Verible is built. Then, a dummy container is created just for extracting the artifact. Images and container are not saved/reused. In this PR, two docker build commands are executed, one for 'basic' and another one for 'bazel' images. Then, Verible is built in a temporary container.

The rationale is that those 'basic' and 'bazel' images do not need to be built each time. Those can be updated in an scheduled workflow. Then, the regular workflow would only need to pull one image and build Verilator in it. At the same time, any contributor can pull the image and build Verilator, without installing all the dependencies each time.

This was not implemented yet, because a registry needs to be used and I want to have feedback first. Nonetheless, the workflow in this PR shows three steps.

---

Instead of having multiple jobs trying to create a release, in this PR an additional job is defined, which is to be executed after all the build jobs finish. The additional job (named Release) downloads all the artifacts, creates a release and uploads all the assets at once. This job is only executed on branch master, and not for PRs.

/cc @mithro

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[google-cla]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[umarcor]

@googlebot I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[google-cla]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[mithro]

I like a lot of this pull request, need to take a little bit of a closer look however.

[mithro]

Can you rebase onto master?

[umarcor]

I can, but not today. It's not straightforward because install and success scripts are moved into the workflow. I'd rather rebase after #623 and #624.

[mithro]

I think the direction this is going makes sense.

[mithro]

I would call this base and maybe Creating "base" container image for ${{ matrix.os }} (to build Verible inside) and Adding "bazel" to "base" container image for ${{ matrix.os }}?

[umarcor]

Images are now renamed to 'basic' and 'build'. I use 'base' for the images that are retrieved from Docker Hub.

[mithro]

./releasing/docker-run.sh $OS prepare-image-add-bazel

[mithro]

This is only needed for some versions of CentOS right?

[umarcor]

Yes. That dockerfile has theree stages:

• The first stage (L1-L12) is used regardless of the OS version.
• The second stage (L14-L25) is executed on CentOS 8 only.
  • Others use the third stage right below (L27-L53).

[umarcor]

The dockerfile was renamed to centos.basic.dockerfile.

[mithro]

BTW -- Ideally these commands would be in the README and pull into these files in some way (maybe using tuttest?).

[umarcor]

Now, the list of supported base images is located in releasing/supported_bases.txt. Rather than having that content in the README (which requires parsing Markdown; and that's not fancy), I would just add a link from the README to that file.

[umarcor]

This PR is now rebased on top of master.

The failure on centos:8 is expected. It's fixed in #629.

However, I could not track which is the mistake that is making centos:7 fail:

https://github.com/umarcor/verible/runs/1521978326?check_suite_focus=true#step:6:225

...
ERROR: /wrk/centos-7/verible-v0.0-814-gc3f415c/bazel/BUILD:20:15: error executing shell command: '/bin/bash -c function cleanup_function() {
local ecode=$?
if [ $ecode -eq 0 ]; then
cleanup_on_success
else
cleanup_on_failure
fi
}
...

[hzeller]

Did this pull request fall of the radar ? @mithro you were looking at it last, any fresh comments ?

[mithro]

Can you rebase this onto master and then I think we can consider merging it?

[umarcor]

@mithro, as you see, centos7 is still failing. Let's merge #684 first.

[codecov-commenter]

Codecov Report

Merging #622 (a50953b) into master (b11c55c) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #622   +/-   ##
=======================================
  Coverage   92.84%   92.84%           
=======================================
  Files         337      337           
  Lines       22500    22500           
=======================================
  Hits        20891    20891           
  Misses       1609     1609           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b11c55c...a50953b. Read the comment docs.